313 matches found

ATTACKERKB
added 2026/03/26 11:27 p.m. | 4 views

CVE-2026-33945

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.00447
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/26 11:27 p.m. | 4 views

CVE-2026-33945 Arbitrary file write through systemd-creds option

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like...

CVSS: 9.9 | AI score: 6 | EPSS: 0.00447
Exploits: 0 | References: 1

Debian CVE
added 2026/03/26 11:27 p.m. | 4 views

CVE-2026-33945

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like...

CVSS: 9.9 | AI score: 5.7 | EPSS: 0.00447
Exploits: 0

OSV
added 2026/03/26 11:27 p.m. | 2 views

CVE-2026-33945 Arbitrary file write through systemd-creds option

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like...

CVSS: 9.9 | AI score: 6 | EPSS: 0.00447
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/26 11:26 p.m. | 3 views

CVE-2026-33743

A flaw was found in Incus, a system container and virtual machine manager. A user with access to Incus' storage bucket feature can exploit this vulnerability by using a specially crafted storage bucket backup. This can cause the Incus daemon to crash, leading to a denial of service of the control...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00385
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/26 11:26 p.m. | 5 views

CVE-2026-33897

A flaw was found in Incus, a system container and virtual machine manager. An attacker with control over instance template files can exploit a vulnerability in the pongo2 templating engine. This flaw allows for arbitrary read or write operations as the root user on the host server by bypassing th...

CVSS: 9.9 | AI score: 5.9 | EPSS: 0.00481
Exploits: 0 | References: 4

RedhatCVE
added 2026/03/26 11:26 p.m. | 2 views

CVE-2026-33711

A flaw was found in Incus, a system container and virtual machine manager. A local attacker could exploit a vulnerability in the API responsible for retrieving VM screenshots. By creating symbolic links (symlinks) in predictable temporary file paths, an attacker could trick Incus into truncating an...

CVSS: 5.7 | AI score: 5.9 | EPSS: 0.0035
Exploits: 1 | References: 4

CVE
added 2026/03/26 11:25 p.m. | 13 views

CVE-2026-33898

CVE-2026-33898 affects the Incus web UI local web server. Prior to v6.23.0, the server incorrectly validates the authentication token when provided in the URL, while the cookie stores the token correctly. An attacker who can access the temporary localhost web server can gain the same access as th...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00347
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/26 11:25 p.m. | 31 views

CVE-2026-33898 Local Incus UI web server vulnerable to authentication bypass

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

CVSS: 8.8 | EPSS: 0.00347
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/26 11:25 p.m. | 3 views

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00347
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/26 11:25 p.m. | 2 views

CVE-2026-33898 Local Incus UI web server vulnerable to authentication bypass

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00347
Exploits: 0 | References: 1

OSV
added 2026/03/26 11:25 p.m. | 4 views

CVE-2026-33898 Local Incus UI web server vulnerable to authentication bypass

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00347
Exploits: 0 | References: 3

Debian CVE
added 2026/03/26 11:25 p.m. | 5 views

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

CVSS: 8.8 | AI score: 5.7 | EPSS: 0.00347
Exploits: 0

RedhatCVE
added 2026/03/26 11:21 p.m. | 1 view

CVE-2026-33542

A flaw was found in Incus, a system container and virtual machine manager. A remote attacker could exploit a lack of validation of image fingerprints when downloading from simplestreams image servers. This vulnerability, under specific conditions, could lead to image cache poisoning, allowing an...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0018
Exploits: 1 | References: 4

OSV
added 2026/03/26 11:16 p.m. | 5 views

DEBIAN-CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary reads or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVSS: 9.9 | AI score: 5.5 | EPSS: 0.00481
Exploits: 0 | References: 1

NVD
added 2026/03/26 11:16 p.m. | 1 view

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

CVSS: 7.1 | EPSS: 0.0018
Exploits: 1 | References: 1

NVD
added 2026/03/26 11:16 p.m. | 4 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS: 6.5 | EPSS: 0.00385
Exploits: 1 | References: 1

NVD
added 2026/03/26 11:16 p.m. | 5 views

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary reads or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

CVSS: 9.9 | EPSS: 0.00481
Exploits: 0 | References: 1

OSV
added 2026/03/26 11:16 p.m. | 0 views

DEBIAN-CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by a user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

CVSS: 6.5 | AI score: 5.3 | EPSS: 0.00385
Exploits: 1 | References: 1

OSV
added 2026/03/26 11:16 p.m. | 2 views

DEBIAN-CVE-2026-33711

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.0035
Exploits: 1 | References: 1