7 matches found

RedhatCVE
added 2025/10/06 5:13 p.m. | 2 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVSS 7.1 | AI score 6.8 | EPSS 0.00067
Exploits: 1 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-32103

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.3 | EPSS 0.00084
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-32098

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.4 | EPSS 0.00067
Exploits: 1 | References: 2
OSV
added 2025/10/02 10:15 a.m. | 1 views

DEBIAN-CVE-2025-54288

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

CVSS 6.8 | AI score 5.3 | EPSS 0.00059
Exploits: 1 | References: 1
OSV
added 2025/10/02 10:15 a.m. | 1 views

UBUNTU-CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVSS 7.1 | AI score 5.9 | EPSS 0.00067
Exploits: 1 | References: 3
Positive Technologies
added 2025/10/02 12:0 a.m. | 2 views

PT-2025-40326

Name of the Vulnerable Software and Affected Versions: Canonical LXD versions 5.0 and later. Description: A Cross-Site Request Forgery (CSRF) issue exists in LXD-UI. This allows an attacker to create and start container instances without user consent by submitting crafted HTML forms that exploit clien...

CVSS 8.8 | AI score 6.3 | EPSS 0.00119
Exploits: 7 | References: 38
Positive Technologies
added 2025/10/02 12:0 a.m. | 2 views

PT-2025-40340

Name of the Vulnerable Software and Affected Versions: Canonical LXD version 5.0 LTS. Description: An issue exists in the log file retrieval function that allows authenticated remote attackers to read arbitrary files on the host system. This occurs through crafted log file names or symbolic links. T...

CVSS 8.8 | AI score 6.4 | EPSS 0.00119
Exploits: 7 | References: 35