28 matches found
CVE-2026-44916
In OpenStack Ironic before 35.0.2 in a certain non-default configuration, instance_info['ks_template'] is rendered without sandboxing...
CVE-2026-44916
CVE-2026-44916 affects OpenStack Ironic up to version 35.x, where rendering of instance_info['ks_template'] occurs without sandboxing. The root cause is the lack of sandboxing during template rendering, which can expose sensitive information or enable unintended behavior within the template execu...
PT-2026-38679
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 36.0. Description: In OpenStack Ironic, the ks_template variable within instance_info is rendered without sandboxing. Sandboxing is a security mechanism that isolates executing code to prevent it from accessing...
EUVD-2022-1583
Malicious code in bioql PyPI...
[SECURITY] Fedora 40 Update: cobbler-3.3.7-1.fc40
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors,...
SUSE CVE-2008-6954
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
SUSE CVE-2010-2235
templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
Cobbler is vulnerable to code injection
templateapi.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a...
GHSA-P8W2-F44P-FMCJ Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code with the root privileges in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The web interface CobblerWeb in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules...
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2235 RHN Satellite (cobbler): Code injection flaw (ACE as root) by processing of a specially-crafted kickstart template file...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2022-20164)
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports multiple extension plugins, etc. A security vulnerability exists in Subrion CMS 4.2.1, which can be exploited by attackers via the q parameter in the Kickstart...
Cross-site Scripting in Subrion CMS
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template...
GHSA-XJ7H-G7RH-GJCW Cross-site Scripting in Subrion CMS
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template...
CVE-2020-18324
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template...