Horizon

This hub aggregates every CVE we track for Horizon, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Horizon.

• CVE-2026-55748OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security harden...6.0Jun 17, 2026
• CVE-2026-43002An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauth...5.3May 5, 2026
• CVE-2026-22420WordPress Horizon theme <= 1.1 - Local File Inclusion vulnerability8.1Mar 5, 2026
• CVE-2023-40314Cross-site scripting in bootstrap.jsp5.8Nov 16, 2023
• CVE-2023-40612Authenticated XXE Injection Via The File Editor5.3Aug 23, 2023
• CVE-2022-45582Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.6.1Aug 22, 2023
• CVE-2023-40315ROLE_FILESYSTEM_EDITOR Can Be Used To Escalate To ROLE_ADMIN5.3Aug 17, 2023
• CVE-2023-40313Disable BeanShell Interpreter Remote Server Mode7.1Aug 17, 2023
• CVE-2023-40312Reflected XSS in multiple JSP files in opennms/opennms6.7Aug 14, 2023
• CVE-2023-40311Stored XSS in multiple JSP files in opennms/opennms6.7Aug 14, 2023
• CVE-2023-0872ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users8.2Aug 14, 2023
• CVE-2023-0871An XML External Entity injection vulnerability5.4Aug 11, 2023
• CVE-2023-0870Form Can Be Manipulated with Cross-Site Request Forgery (CSRF)8.1Mar 22, 2023
• CVE-2023-0815Plaintext Password Present in the Web logs6.8Feb 23, 2023
• CVE-2023-0867Multiple stored and reflected Cross-site Scripting in webapp6.7Feb 23, 2023