Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7750 matches found

Cvelist
Cvelistadded 2026/05/28 12:0 a.m.24 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS0.00041EPSS
Exploits1References2
CVE
CVEadded 2026/05/28 12:0 a.m.18 views

CVE-2026-42999

OpenStack Keystone prior to 29.0.2 contains CVE-2026-42999, where the RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary (policy_dict.update(json_input.copy())). Since flask.request.get_json is called with force=True, this ...

8.8CVSS6AI score0.00041EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVEadded 2026/05/28 12:0 a.m.7 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

8.8CVSS6AI score0.00041EPSS
Exploits1
ATTACKERKB
ATTACKERKBadded 2026/05/28 12:0 a.m.7 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS5.8AI score0.00561EPSS
Exploits2References3Affected Software1
CVE
CVEadded 2026/05/28 12:0 a.m.16 views

CVE-2026-44394

CVE-2026-44394 affects OpenStack Keystone before 29.0.2. The federated token rescoping mechanism does not propagate the original token expiry to the newly issued token; repeated rescopes can allow indefinite access by issuing tokens with a fresh TTL, bypassing token lifetime policies. Affected de...

8.1CVSS5.8AI score0.00052EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/05/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInp...

7.1CVSS5.8AI score0.0005EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/28 12:0 a.m.5 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00064EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.7 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from an application credential impersonation vulnerability combined with a trust...

8.8CVSS5.8AI score0.00041EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.5 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the RBAC policy executor unconditionally merging the original JSON request...

8.8CVSS5.9AI score0.00041EPSS
Exploits1References2
Debian CVE
Debian CVEadded 2026/05/28 12:0 a.m.4 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

8.8CVSS5.8AI score0.00064EPSS
Exploits1
Debian CVE
Debian CVEadded 2026/05/28 12:0 a.m.5 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS5.8AI score0.00041EPSS
Exploits1
OSV
OSVadded 2026/05/27 2:16 a.m.6 views

DEBIAN-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 2:16 a.m.7 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.0005EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2026/05/27 2:16 a.m.10 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References4
OSV
OSVadded 2026/05/27 2:16 a.m.4 views

UBUNTU-CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/27 1:57 a.m.8 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References4Affected Software1
CVE
CVEadded 2026/05/27 1:57 a.m.10 views

CVE-2026-49017

OpenStack Swift prior to 2.36.2 and 2.37.2 is affected. The s3api middleware enters an infinite loop while processing truncated aws-chunked PUT bodies, due to the StreamingInput class repeatedly appending an empty buffer and re-reading. This causes the proxy-server worker to become permanently un...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/27 1:57 a.m.12 views

EUVD-2026-32040

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/05/27 1:57 a.m.6 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS5.9AI score0.0005EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/27 1:57 a.m.28 views

CVE-2026-49017

In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...

7.1CVSS0.0005EPSS
Exploits0References3
Rows per page
Query Builder