VYPR
Vendor

Opennebula

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2022-37425CriOct 28, 2022
    risk 0.64cvss 9.9epss 0.02

    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion.

  • CVE-2025-54955HigAug 3, 2025
    risk 0.46cvss 8.1epss 0.00

    OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a…

  • CVE-2022-37424MedOct 28, 2022
    risk 0.42cvss 6.5epss 0.01

    Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery.

  • CVE-2025-56537MedApr 29, 2026
    risk 0.33cvss 6.1epss 0.00

    A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual network template parameter.

  • CVE-2025-56536MedApr 29, 2026
    risk 0.33cvss 6.1epss 0.00

    A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter.

  • CVE-2025-56535MedApr 29, 2026
    risk 0.33cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter.

  • CVE-2025-56534MedApr 29, 2026
    risk 0.33cvss 6.1epss 0.00

    A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

  • CVE-2022-37426MedOct 28, 2022
    risk 0.28cvss 4.3epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection.