the centos project

Top products

The 15 most recently published vulnerabilities affecting the centos project.

• CVE-2026-46243smb: client: reject userspace cifs.spnego descriptions7.1Jun 1, 2026
• CVE-2026-43284xfrm: esp: avoid in-place decrypt on shared skb frags8.8May 8, 2026
• CVE-2025-48703CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request....KEV9.0Sep 19, 2025
• CVE-2024-1722Keycloak-core: dos via account lockout3.7Feb 27, 2024
• CVE-2022-44877login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.KEV9.8Jan 5, 2023
• CVE-2021-45467In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a ...9.8Dec 26, 2022
• CVE-2021-45466In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.9.8Dec 26, 2022
• CVE-2022-38473A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird <...8.8Dec 22, 2022
• CVE-2022-2526A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the referenc...9.8Sep 9, 2022
• CVE-2022-2639An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sf...7.8Sep 1, 2022
• CVE-2021-4218A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause ...5.5Aug 24, 2022
• CVE-2022-29154An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories ar...7.4Aug 2, 2022
• CVE-2021-4034A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users acc...KEV7.8Jan 28, 2022
• CVE-2021-23992Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user...4.3Jun 24, 2021
• CVE-2020-15422This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. T...9.8Jul 28, 2020