Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Apache CloudStack — Vulnerabilities & Security Advisories 32

All 32 CVE vulnerabilities found in Apache CloudStack, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

CVE IDTitleCVSSSeverityPublished
CVE-2026-25199 Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access CWE-200--2026-05-08
CVE-2026-25077 Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates CWE-94--2026-05-08
CVE-2025-69233 Apache CloudStack: Domain/account resources limits not honored CWE-367 6.5 Medium2026-05-08
CVE-2025-66467 Apache CloudStack: MinIO policy remains intact on bucket deletion CWE-459 8.0 High2026-05-08
CVE-2025-66172 Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to CWE-359--2026-05-08
CVE-2025-66171 Apache CloudStack: Any user can create a new VM from backups they should not have access to CWE-359--2026-05-08
CVE-2025-66170 Apache CloudStack: Any user can list backups that they should not have access to CWE-863--2026-05-08
CVE-2025-59302 Apache CloudStack: Potential remote code execution on Javascript engine defined rules CWE-94 7.2 -2025-11-27
CVE-2025-59454 Apache CloudStack: Lack of user permission validation leading to data leak for few APIs CWE-200 4.3 -2025-11-27
CVE-2025-30675 Apache CloudStack: Unauthorised template/ISO list access to the domain/resource admins CWE-200 4.7 Medium2025-06-10
CVE-2025-22829 Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin CWE-269 4.3AIMediumAI2025-06-10
CVE-2025-26521 Apache CloudStack: CKS cluster in project exposes user API keys CWE-200 7.5AIHighAI2025-06-10
CVE-2025-47849 Apache CloudStack: Insecure access of user's API/Secret Keys in the same domain CWE-269 7.2AIHighAI2025-06-10
CVE-2025-47713 Apache CloudStack: Domain Admin can reset Admin password in Root Domain CWE-269 7.2AIHighAI2025-06-10
CVE-2025-22828 Apache CloudStack: Unauthorised access to annotations CWE-200 4.2 -2025-01-13
CVE-2024-50386 Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure CWE-20 8.5 High2024-11-12
CVE-2024-45219 Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure CWE-20 8.5 High2024-10-16
CVE-2024-45462 Apache CloudStack: Incomplete session invalidation on web interface logout CWE-613 6.3 Medium2024-10-16
CVE-2024-45693 Apache CloudStack: Request origin validation bypass makes account takeover possible CWE-352 8.0 High2024-10-16
CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins CWE-863 7.2AIHighAI2024-08-07
CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access CWE-200 4.3AIMediumAI2024-08-07
CVE-2024-41107 Apache CloudStack: SAML Signature Exclusion CWE-290 9.8 -2024-07-19
CVE-2024-38346 Apache CloudStack: Unauthenticated cluster service port leads to remote execution CWE-94 10.0 -2024-07-05
CVE-2024-39864 Apache CloudStack: Integration API service uses dynamic port when disabled CWE-665 9.1 -2024-07-05
CVE-2024-29008 Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance CWE-20 9.6 -2024-04-04
CVE-2024-29007 Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences CWE-918 8.1 -2024-04-04
CVE-2024-29006 Apache CloudStack: x-forwarded-for HTTP header parsed by default CWE-290 8.1 -2024-04-04
CVE-2022-35741 Apache CloudStack SAML Single Sign-On XXE 9.8 -2022-07-18
CVE-2022-26779 Apache Cloudstack insecure random number generation affects project email invitation 8.8 -2022-03-15
CVE-2019-17562 Apache CloudStack baremetal组件输入验证错误漏洞 9.8 -2020-05-14

All 32 known CVE vulnerabilities affecting Apache CloudStack with full Chinese analysis, references, and POCs where available.