Lucene search
K

112 matches found

NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 4:23 p.m.35 views

CVE-2026-28385 SSRF via image import from URL allows internal network probing by authenticated users

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:23 p.m.10 views

CVE-2026-28385

CVE-2026-28385 : Canonical LXD 4.12–6.9 contains an SSRF in image import from URL sources. Authenticated users with the can_create_images entitlement can leverage the /images endpoint to trigger outbound requests from the LXD daemon, failing to validate or restrict destinations. This allows conta...

5CVSS5.8AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 4:23 p.m.7 views

EUVD-2026-39805

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:23 p.m.6 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.00172EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 4:23 p.m.7 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.00172EPSS
Exploits0
Snyk
Snyk
added 2026/06/19 7:34 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the group parsing process. An attacker can cause memory exhaustion and disrupt the container runtime API by supplying a maliciously crafted image that triggers unbounded parsing,...

6.9CVSS5.9AI score0.00317EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.10 views

CVE-2026-7542

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design flaws: 1 the plugin leaks a valid backend AJAX nonce revslideractions to all authenticated users including Subscribers via the adminfoote...

6.5CVSS0.00252EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 7:49 a.m.7 views

CVE-2026-7542 Slider Revolution 7.0 - 7.0.10 - Authenticated (Subscriber+) Sensitive Information Disclosure

The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions 7.0 to 7.0.10. This is due to three compounding design flaws: 1 the plugin leaks a valid backend AJAX nonce revslideractions to all authenticated users including Subscribers via the adminfoote...

6.5CVSS5.3AI score0.00252EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Containerd

Containerd is an open-source container runtime. Prior to versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where no limit was applied could cause a denial of service. This bug ha...

6.2CVSS6.3AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/14 6:26 p.m.7 views

Server-side Request Forgery (SSRF)

Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...

8.5CVSS5.9AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-41154

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.1 Description An authenticated server-side request forgery SSRF exists in the rich-text widget import flow. An authenticated user with permissions to submit or edit rich-text widget content can force the...

7.6CVSS5.3AI score0.00197EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/12 7:38 p.m.8 views

CVE-2026-35527

A flaw was found in Incus, an open-source container and virtual machine manager. An authenticated user can exploit this vulnerability by supplying a malicious URL during the image import process. Before project restrictions are applied, Incus makes a blind HEAD request to the user-supplied URL,...

5.3CVSS5.7AI score0.00271EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/07 2:20 a.m.10 views

SUSE CVE-2026-35527

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

5.3CVSS5.8AI score0.00271EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 9:16 p.m.6 views

CVE-2026-35527

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

5.3CVSS0.00271EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/05 7:56 p.m.30 views

CVE-2026-35527 Incus blind SSRF via image import preflight HEAD request

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

5.3CVSS0.00271EPSS
Exploits1References2
CVE
CVE
added 2026/05/05 7:56 p.m.12 views

CVE-2026-35527

Incus (pre-7.0.0) is vulnerable to a blind SSRF via image import preflight HEAD requests. An authenticated user can coerce the daemon to issue a host-originated HEAD request to a user-supplied URL before policy checks complete, exposing server metadata in headers (Incus-Server-Architectures, Incu...

5.3CVSS5.8AI score0.00271EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 7:56 p.m.9 views

CVE-2026-35527 Incus blind SSRF via image import preflight HEAD request

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

5.3CVSS5.8AI score0.00271EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:56 p.m.5 views

CVE-2026-35527

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

6.4CVSS5.8AI score0.00271EPSS
Exploits2References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/05 7:56 p.m.16 views

CVE-2026-35527

Incus is an open source container and virtual machine manager. In versions prior to 7.0.0, the image import flow issues an outbound HEAD request to a user-supplied URL before validating the request against project restrictions such as restricted.images.servers. The imgPostURLInfo function...

5.3CVSS5.8AI score0.00271EPSS
Exploits1
Rows per page
Query Builder