EUVD-2026-33074

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

CVE-2026-0628

CVE-2026-0628 involves insufficient policy enforcement in Chrome/Chromium WebView handling, allowing a user to be convinced to install a malicious extension that can inject scripts or HTML into a privileged page. Affected software is Chromium-based and prior to version 143.0.7499.192 (Chrome desk...

DEBIAN-CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...