21 matches found

Veracode
added 2025/11/21 7:14 a.m., 9 views

Server-Side Template Injection

github.com/lxc/lxd is vulnerable to Server-Side Template Injection SSTI. The vulnerability is due to improper handling of snapshot pattern templates using the Pongo2 template engine, which allows an attacker with instance-configuration permissions to craft malicious templates and read arbitrary...

CVSS 7.1, AI score 7.2, EPSS 0.00067
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2025/10/06 5:13 p.m., 2 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVSS 7.1, AI score 6.8, EPSS 0.00067
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:07 p.m., 11 views

EUVD-2024-0411

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.5, EPSS 0.0037
Exploits: 0, References: 4
NVD
added 2025/10/02 10:15 a.m., 1 view

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVSS 7.1, EPSS 0.00067
Exploits: 1, References: 1
Debian CVE
added 2025/10/02 9:16 a.m., 2 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVSS 7.1, AI score 5.5, EPSS 0.00067
Exploits: 1
Vulnrichment
added 2025/10/02 9:16 a.m., 1 view

CVE-2025-54287: Arbitrary File Read via Template Injection in Snapshot Patterns

Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVSS 7.1, AI score 6.7, EPSS 0.00067
Exploits: 1, References: 1
CVE
added 2025/10/02 9:16 a.m., 9 views

CVE-2025-54287

CVE-2025-54287 affects Canonical LXD (>=4.0) in the instance snapshot creation component. The vulnerability uses the Pongo2 template engine in snapshots.pattern to enable arbitrary file reads on the host when an attacker has instance configuration permissions. Impact is host file disclosure (e...

CVSS 7.1, AI score 6.7, EPSS 0.00067
Exploits: 1, References: 1, Affected Software: 1
AlpineLinux
added 2025/10/02 9:16 a.m., 3 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD >= 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVSS 7.1, AI score 7.2, EPSS 0.00067
Exploits: 1
Github Security Blog
added 2025/09/15 12:31 p.m., 4 views

Liferay Portal has a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attacke...

CVSS 4.8, AI score 5.3, EPSS 0.00041
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2025/09/15 12:31 p.m., 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the "CDN Host HTTP" or "CDN Host HTTPS" text fields in the Instance Configuration. An attacker can execute arbitrary web scripts in the context of all pages by injecting a crafted payload into these fields...

CVSS 4.8, AI score 5.4, EPSS 0.00041
Exploits: 0, References: 2
OSV
added 2025/09/15 12:31 p.m., 2 views

GHSA-R45V-2289-JGR4: Liferay Portal has a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attacke...

CVSS 4.6, AI score 5.2, EPSS 0.00041
Exploits: 0, References: 3
NVD
added 2025/09/15 12:15 p.m., 3 views

CVE-2025-43794

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...

CVSS 4.8, EPSS 0.00041
Exploits: 0, References: 1
Cvelist
added 2025/09/15 11:17 a.m., 4 views

CVE-2025-43794

Stored cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers...

CVSS 4.6, EPSS 0.00041
Exploits: 0, References: 1
CNNVD
added 2025/09/15 12:00 a.m., 1 view

Liferay Portal and Liferay DXP cross-site scripting vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 4.8, AI score 5.8, EPSS 0.00041
Exploits: 0, References: 1
Prion
added 2024/01/24 6:15 p.m., 12 views

Design/Logic Flaw

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

CVSS 4, AI score 7, EPSS 0.0037
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2024/01/24 6:09 p.m., 15 views

CVE-2024-23649: Any authenticated user may obtain private message details from other users on the same instance

Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message...

CVSS 7.5, AI score 7.7, EPSS 0.0037
Exploits: 0, References: 2
Veeam
added 2023/11/14 12:00 a.m., 13 views

Backup error: "The instance configuration for this AWS Marketplace product is not supported."

Challenge: The backup of an EC2 instance fails with the following error: Processing "instance-name" failed: The instance configuration for this AWS Marketplace product is not supported. Please see the AWS Marketplace site for more information about supported instance types, regions, and operating...

AI score 6.5
Exploits: 0, Affected Software: 1
OSV
added 2019/08/15 9:47 a.m., 8 views

OPENSUSE-SU-2019:1913-1: Security update for mariadb, mariadb-connector-c

This update for mariadb and mariadb-connector-c fixes the following issues: mariadb: - Update to version 10.2.25 (bsc1136035) - CVE-2019-2628: Fixed a remote denial of service by a privileged attacker (bsc1136035). - CVE-2019-2627: Fixed another remote denial of service by a privileged attacker...

CVSS 4.9, AI score 5.4, EPSS 0.00185
Exploits: 0, References: 7
Atlassian
added 2018/03/15 1:17 a.m., 26 views

Honeypot strategy is no longer effectively preventing spam account signup

Fix: From 3.9.5 onwards we have turned off the honeypot in favour of using CAPTCHA; anyone affected by this issue just needs to switch the CAPTCHA on...

AI score 7.7
Exploits: 0
securityvulns
added 2014/08/24 12:00 a.m., 60 views

[USN-2325-1] OpenStack Nova vulnerability

Ubuntu Security Notice USN-2325-1, August 21, 2014: nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

CVSS 4.3, AI score 0.5, EPSS 0.00398
Exploits: 0