opennebula 漏洞與 CVE 列表(8)

產品(CPE): — CVE 數: 8

opennebula 漏洞概覽

彙總 opennebula 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 跨站腳本與路徑處理缺陷 等問題,部分漏洞可能導致 工作階段劫持,並影響 軟體部署與生產負載 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 188 CVE 數
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2025-56537 A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter. [email protected] 6.1 0.18% 2026-04-29 2026-06-17
CVE-2025-56536 A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter. [email protected] 6.1 0.18% 2026-04-29 2026-06-17
CVE-2025-56535 A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter. [email protected] 6.1 0.18% 2026-04-29 2026-06-17
CVE-2025-56534 A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. [email protected] 6.1 0.18% 2026-04-29 2026-06-17
CVE-2025-54955 OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials. [email protected] 8.1 0.33% 2025-08-02 2026-06-17
CVE-2022-37426 Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. [email protected] 4.3 0.50% 2022-10-28 2026-06-17
CVE-2022-37425 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. [email protected] 9.9 1.54% 2022-10-28 2026-06-17
CVE-2022-37424 Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. [email protected] 6.5 0.71% 2022-10-28 2026-06-17
«« 第一頁 « 上一頁 第 1 / 1 頁 下一頁 »
cvelogic Threat Intelligence