Lucene search
K

5 matches found

OSV
OSV
added 2026/05/28 9:32 p.m.4 views

GHSA-2R23-2G6V-2M5F OpenStack Keystone has an Authorization Bypass

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS5.9AI score0.00329EPSS
Exploits1References8
CVE
CVE
added 2026/05/28 12:0 a.m.39 views

CVE-2026-42999

OpenStack Keystone prior to 29.0.2 contains CVE-2026-42999, where the RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary (policy_dict.update(json_input.copy())). Since flask.request.get_json is called with force=True, this ...

8.8CVSS6AI score0.00329EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/28 12:0 a.m.3 views

Authorization Bypass Through User-Controlled Key

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via injection of arbitra...

8.8CVSS6.1AI score0.00329EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/12 3:20 a.m.29 views

CVE-2025-13885 Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Zenost Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' and 'target' parameters in the button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00189EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2024/11/01 1:0 p.m.16 views

Finding the LNK: Techniques and methodology for advanced analysis with Velociraptor

Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence CTI is fairly well-understood, analysts may overlook less well-known data...

7.3AI score
Exploits0
Rows per page
Query Builder