CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

209 matches found

SUSE CVE•added 2026/06/12 2:25 a.m.•8 views

SUSE CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS5.3AI score0.00262EPSS

Exploits0References3

RedhatCVE•added 2026/06/11 2:59 p.m.•10 views

CVE-2026-50266

A flaw was found in OpenStack Neutron. A project manager can exploit this vulnerability by creating or updating a port on a shared network and setting the deviceowner to a specific value. This bypasses default access controls, allowing the project manager to obtain trusted network-service port...

6.6CVSS5.1AI score0.00262EPSS

Exploits0References8

ATTACKERKB•added 2026/06/04 4:18 p.m.•7 views

CVE-2026-50266

3.5CVSS7.1AI score0.00963EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/06/04 4:18 p.m.•10 views

CVE-2026-50266

2.2CVSS5.8AI score0.00262EPSS

Exploits0References5

Positive Technologies•added 2026/06/04 12:0 a.m.•14 views

PT-2026-46270

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device owner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECT MANAGER witho...

2.2CVSS5.8AI score0.00262EPSS

Exploits0References9

Akamai Blog•added 2025/12/12 5:0 p.m.•6 views

Stop Overpaying for East-West Traffic Control: Firewalls vs. Security Groups

...

7AI score

Exploits0

RedhatCVE•added 2025/12/09 12:51 a.m.•3 views

CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5CVSS6.7AI score0.00158EPSS

Exploits0References1

OSV•added 2025/12/02 11:39 a.m.•5 views

BIT-HUBBLE-RELAY-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

5.5CVSS6.7AI score0.00158EPSS

Exploits0References6

OSV•added 2025/12/02 11:35 a.m.•4 views

BIT-CILIUM-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

5.5CVSS6.7AI score0.00158EPSS

Exploits0References6

OSV•added 2025/12/02 11:35 a.m.•6 views

BIT-CILIUM-OPERATOR-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

5.5CVSS6.7AI score0.00158EPSS

Exploits0References6

Snyk•added 2025/12/01 6:59 p.m.•3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the policy evaluation process when egress.toGroups.aws.securityGroupsIds references AWS security group IDs that do not exist or are not attached to any network interface. An attacker can gain broader outbound...

5.5CVSS6.9AI score0.00158EPSS

Exploits0References2

Github Security Blog•added 2025/12/01 6:59 p.m.•6 views

Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Impact CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset sectio...

5.5CVSS6.9AI score0.00158EPSS

Exploits0References7Affected Software2