OpenNebula
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-37425 | | Cri | 0.64 | 9.9 | 0.02 | | Oct 28, 2022 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. |
| CVE-2025-54955 | | Hig | 0.46 | 8.1 | 0.00 | | Aug 3, 2025 | OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a… |
| CVE-2022-37424 | | Med | 0.42 | 6.5 | 0.01 | | Oct 28, 2022 | Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. |
| CVE-2025-56537 | | Med | 0.33 | 6.1 | 0.00 | | Apr 29, 2026 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter. |
| CVE-2025-56536 | | Med | 0.33 | 6.1 | 0.00 | | Apr 29, 2026 | A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter. |
| CVE-2025-56535 | | Med | 0.33 | 6.1 | 0.00 | | Apr 29, 2026 | A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter. |
| CVE-2025-56534 | | Med | 0.33 | 6.1 | 0.00 | | Apr 29, 2026 | A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-37426 | | Med | 0.28 | 4.3 | 0.01 | | Oct 28, 2022 | Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. |