Lucene search

9 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-0097

Malware in sbrugna...

CVSS 8.8 | AI score 8.1 | EPSS 0.03566
Exploits: 0 | References: 21

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2022-3144

Malicious code in bioql PyPI...

CVSS 5 | AI score 6.2 | EPSS 0.00467
Exploits: 1 | References: 16

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-4547

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.3 | EPSS 0.0395
Exploits: 0 | References: 17

Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-12691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that...

CVSS 8.8 | AI score 7.6 | EPSS 0.03566
Exploits: 0 | References: 2

OSV
added 2022/05/24 5:17 p.m. | 2 views

GHSA-4427-7F3W-MQV6 OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

CVSS 8.8 | AI score 8.5 | EPSS 0.03566
Exploits: 0 | References: 13

OSV
added 2022/05/24 5:17 p.m. | 5 views

GHSA-CHGW-36XV-47CW OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

CVSS 8.8 | AI score 8.4 | EPSS 0.01066
Exploits: 0 | References: 10

OSV
added 2022/05/05 2:48 a.m. | 3 views

GHSA-8833-QRVM-WC3H OpenStack Keystone allows context-dependent attackers to bypass access restrictions

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVSS 5 | AI score 6.3 | EPSS 0.00467
Exploits: 1 | References: 11

OSV
added 2018/12/17 7:29 a.m. | 4 views

CVE-2018-20170

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...

CVSS 5.3 | AI score 5.3
Exploits: 0 | References: 1

OSV
added 2012/07/31 10:45 a.m. | 5 views

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

AI score 6.1
Exploits: 0 | References: 16