Apache CloudStack
Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access

Risk 70
Severity
9.1
First published (updated )

oss-sec
CVE-2026-25199: Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access

Apache CloudStack
Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates

Risk 83
Severity
8.8
First published (updated )

Apache CloudStack
Apache CloudStack: Domain/account resources limits not honored

Risk 40
Severity
6.5
First published (updated )

oss-sec
CVE-2025-69233: Apache CloudStack: Domain/account resources limits not honored

Apache CloudStack
Apache CloudStack: MinIO policy remains intact on bucket deletion

Risk 63
Severity
8.1
First published (updated )

oss-sec
CVE-2025-66467: Apache CloudStack: MinIO policy remains intact on bucket deletion

Apache CloudStack
Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to

Risk 63
Severity
8.1
First published (updated )

oss-sec
CVE-2025-66172: Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to

Apache CloudStack Backup plugin
Apache CloudStack: Any user can create a new VM from backups they should not have access to

Risk 40
Severity
6.5
First published (updated )

oss-sec
CVE-2025-66171: Apache CloudStack: Any user can create a new VM from backups they should not have access to

Apache CloudStack Backup plugin
Apache CloudStack: Any user can list backups that they should not have access to

Risk 40
Severity
6.5
First published (updated )

oss-sec
CVE-2025-66170: Apache CloudStack: Any user can list backups that they should not have access to

Apache CloudStack
Apache CloudStack: Potential remote code execution on Javascript engine defined rules

Risk 39
Severity
4.7
First published (updated )

Apache CloudStack
Apache CloudStack: CKS cluster in project exposes user API keys

Risk 60
Severity
8.1
First published (updated )

Apache CloudStack
Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain

Risk 79
Severity
8.8
First published (updated )

Apache CloudStack
Apache CloudStack: Domain Admin can reset Admin password in Root Domain

Risk 79
Severity
8.8
First published (updated )

Apache CloudStack
Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure

Risk 87
Severity
9.9
First published (updated )

Apache CloudStack
Apache CloudStack: Request origin validation bypass makes account takeover possible

Risk 81
Severity
8.8
First published (updated )

Apache CloudStack
Apache CloudStack: Incomplete session invalidation on web interface logout

Risk 54
Severity
7.1
First published (updated )

Apache CloudStack
Apache CloudStack Quota plugin: Access checks not enforced in Quota

Risk 48
Severity
6.3
First published (updated )

Apache CloudStack
Apache CloudStack: Unauthorised Network List Access

Risk 24
Severity
4.3
First published (updated )

Apache CloudStack
Apache CloudStack: User Key Exposure to Domain Admins

Risk 70
Severity
7.2
First published (updated )

Apache CloudStack
Apache CloudStack: SAML Signature Exclusion

Risk 80
Severity
8.1
First published (updated )

Apache CloudStack
Apache CloudStack: Unauthenticated cluster service port leads to remote execution

Risk 89
Severity
9.8
First published (updated )

Apache CloudStack
Apache CloudStack: Integration API service uses dynamic port when disabled

Risk 89
Severity
9.8
First published (updated )

Apache CloudStack
Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance

Risk 28
Severity
6.4
EPSS
0.04%
First published (updated )

Apache CloudStack
Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences

Risk 36
Severity
7.3
EPSS
0.04%
First published (updated )

Apache CloudStack
Apache CloudStack: x-forwarded-for HTTP header parsed by default

Risk 61
Severity
9.8
EPSS
0.04%
First published (updated )

Apache CloudStack
Apache CloudStack SAML Single Sign-On XXE

Risk 86
Severity
9.8
First published (updated )

© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203