Lucene search
K

34 matches found

Redos
Redos
added 2025/11/17 12:0 a.m.9 views

ROS-20251117-04

A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information The vulnerability in the LXD container and...

8.8CVSS7.1AI score0.00541EPSS
Exploits9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-32098

Malicious code in bioql PyPI...

7.1CVSS6.4AI score0.00342EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2025/10/02 11:23 p.m.4 views

SUSE CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

6.5CVSS7.2AI score0.00342EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/10/02 9:21 p.m.6 views

Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns

Impact In LXD's instance snapshot creation functionality, the Pongo2 template engine is used in the snapshots.pattern configuration for generating snapshot names. While code execution functionality has not been found in this template engine, it has file reading capabilities, creating a...

7.1CVSS7.8AI score0.00342EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/10/02 9:21 p.m.1 views

GHSA-W2HG-2V4P-VMH6 Canonical LXD Arbitrary File Read via Template Injection in Snapshot Patterns

Impact In LXD's instance snapshot creation functionality, the Pongo2 template engine is used in the snapshots.pattern configuration for generating snapshot names. While code execution functionality has not been found in this template engine, it has file reading capabilities, creating a...

7.1CVSS7.8AI score0.00342EPSS
Exploits1References4
NVD
NVD
added 2025/10/02 10:15 a.m.5 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

7.1CVSS0.00342EPSS
Exploits1References1
OSV
OSV
added 2025/10/02 10:15 a.m.1 views

DEBIAN-CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

6.5CVSS5.5AI score0.00342EPSS
Exploits1References1
OSV
OSV
added 2025/10/02 9:16 a.m.3 views

CVE-2025-54287 Arbitrary File Read via Template Injection in Snapshot Patterns

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

7.1CVSS6.1AI score0.00342EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/02 9:16 a.m.1 views

CVE-2025-54287 Arbitrary File Read via Template Injection in Snapshot Patterns

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

7.1CVSS6.7AI score0.00342EPSS
Exploits1References1
CVE
CVE
added 2025/10/02 9:16 a.m.25 views

CVE-2025-54287

CVE-2025-54287 affects Canonical LXD (>=4.0) in the instance snapshot creation component. The vulnerability uses the Pongo2 template engine in snapshots.pattern to enable arbitrary file reads on the host when an attacker has instance configuration permissions. Impact is host file disclosure (e...

7.1CVSS6.7AI score0.00342EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2025/10/02 9:16 a.m.4 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

7.1CVSS5.5AI score0.00342EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2025/10/02 9:16 a.m.5 views

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

7.1CVSS7.2AI score0.00342EPSS
Exploits1
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.7 views

LXD 安全漏洞

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD 4.0 and later versions, which stems from a template injection when the instance snapshot creation component uses the Pongo2 template engine, which could result in...

7.1CVSS6.9AI score0.00342EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/10/02 12:0 a.m.3 views

PT-2025-40327

Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.0 and later Description A template injection issue exists in the instance snapshot creation component. An attacker with instance configuration permissions can read arbitrary files on the host system by using specially...

8.8CVSS6.8AI score0.00541EPSS
Exploits7References38
Rows per page
Query Builder