彙總 opennebula 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 工作階段劫持,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-56537 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter. | [email protected] | 6.1 | 0.18% | 2026-04-29 | 2026-06-17 |
| CVE-2025-56536 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter. | [email protected] | 6.1 | 0.18% | 2026-04-29 | 2026-06-17 |
| CVE-2025-56535 | A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter. | [email protected] | 6.1 | 0.18% | 2026-04-29 | 2026-06-17 |
| CVE-2025-56534 | A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | [email protected] | 6.1 | 0.18% | 2026-04-29 | 2026-06-17 |
| CVE-2025-54955 | OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials. | [email protected] | 8.1 | 0.33% | 2025-08-02 | 2026-06-17 |
| CVE-2022-37426 | Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | [email protected] | 4.3 | 0.50% | 2022-10-28 | 2026-06-17 |
| CVE-2022-37425 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | [email protected] | 9.9 | 1.54% | 2022-10-28 | 2026-06-17 |
| CVE-2022-37424 | Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | [email protected] | 6.5 | 0.71% | 2022-10-28 | 2026-06-17 |