CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Nuclei•added yesterday•40 views

Nova noVNC - Open Redirect

Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...

6.1CVSS6.9AI score0.87177EPSS

Exploits1References5

RedhatCVE•added 2 days ago•6 views

CVE-2026-7066

A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function execopenstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...

7.5CVSS6.8AI score0.0212EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-40212

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting XSS vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

5.4CVSS5.5AI score0.00012EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-40214

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

6.3CVSS5.5AI score0.00037EPSS

RedhatCVE•added 2 days ago•5 views

CVE-2026-44919

In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL...

4.3CVSS5.4AI score0.00014EPSS

RedhatCVE•added 2 days ago•4 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.6AI score0.00038EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-34774

In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS5.8AI score0.00037EPSS

OSV•added 2 days ago•3 views

DEBIAN-CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

NVD•added 2 days ago•5 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS0.00037EPSS

Tenable Nessus•added 2 days ago•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-50589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Ironic 32 through 35.0.1, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and...

Tenable Nessus•added 2 days ago•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-50266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value th...

3.5CVSS7.2AI score0.00174EPSS

OSV•added 2 days ago•5 views

UBUNTU-CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3...

7.4CVSS5.4AI score0.00015EPSS

Exploits0References4

Debian CVE•added 3 days ago•4 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

Cvelist•added 3 days ago•32 views

Exploits0

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

5.3CVSS0.00037EPSS

Vulnrichment•added 3 days ago•3 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

CVE•added 3 days ago•11 views

CVE-2026-50589

Affected software : OpenStack Ironic versions 32 through 35.0.1. Vulnerability : An unauthenticated malicious user can submit a crafted JSON string to certain API or JSON-RPC endpoints, which may trigger a service crash. Impact : Denial of service via a crash (availability impact noted as LOW in ...

ATTACKERKB•added 3 days ago•5 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...