Osc Ondemand
7 CVEs affecting Osc Ondemand. Latest disclosed: 2026-05-14. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-66029 | High | 7.6 | 2025-12-17 | Open OnDemand provides remote web access to supercomputers. In versions 4.0.8 and prior, the Apache proxy allows sensitive headers to be passed to origin serve… |
| CVE-2025-53636 | Medium | 5.4 | 2025-07-11 | Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create… |
| CVE-2025-62724 | Medium | 4.3 | 2025-11-20 | Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloadi… |
| CVE-2026-44371 | | | 2026-05-14 | Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the… |
| CVE-2026-26002 | | | 2026-03-04 | Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malici… |
| CVE-2025-64185 | | | 2025-11-20 | Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open On… |
| CVE-2025-58435 | | | 2025-09-09 | Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when Turbo… |