39 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-34178
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instanc...
CVE-2026-28384
CVE-2026-28384 : Canonical LXD contains an improper sanitization of the compression_algorithm parameter, allowing an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. Affected: LXD releases 4.12–6.6. Mitigatio...
PT-2026-24958
Name of the Vulnerable Software and Affected Versions: Canonical LXD versions 4.12 through 6.6. Description: An improper sanitization of the compression algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API cal...
Cross-Site Request Forgery (CSRF)
github.com/canonical/lxd is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of client-side authentication tokens, which allows an attacker to trigger container creation and startup through crafted HTML form submissions without user consent...
GO-2025-4003 CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd
CSRF Vulnerability When Using Client Certificate Authentication with the LXD-UI in github.com/canonical/lxd...
GO-2025-4001 Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd
Canonical LXD Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server in github.com/canonical/lxd...
GO-2025-4000 Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd
Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd...
GO-2025-3999 Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd
Privilege Escalation via WebSocket Connection Hijacking in Operations API in github.com/canonical/lxd...
Linux Distros Unpatched Vulnerability : CVE-2025-54289
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions a...
Linux Distros Unpatched Vulnerability : CVE-2025-54291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project...
CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
CVE-2025-54286
Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...
CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
EUVD-2025-32093
Malicious code in bioql PyPI...
EUVD-2025-32094
Malicious code in bioql PyPI...
EUVD-2025-32099
Malicious code in bioql PyPI...
SUSE CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...
UBUNTU-CVE-2025-54293
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...
CVE-2025-54292
Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names embedded in URL paths...
DEBIAN-CVE-2025-54291
Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses...