
25 matches found

EUVD
added 2026/06/15 9:30 p.m. · 8 views

EUVD-2026-36924

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2 CVSS · 5.3 AI score · 0.00446 EPSS
Exploits 0 · References 2
Fedora
added 2026/04/16 11:42 p.m. · 9 views

[SECURITY] Fedora 44 Update: kf6-kpty-6.25.0-1.fc44

KDE Frameworks 6 tier 2 module providing Pty abstraction...

5.8 AI score
Exploits 0
Snyk
added 2026/03/27 5:8 p.m. · 5 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...

7.7 CVSS · 6.1 AI score · 0.0018 EPSS
Exploits 1 · References 2
NVD
added 2026/03/27 12:16 a.m. · 4 views

CVE-2026-33898

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. incus webui runs a local web server on a random localhost port. For authentication, i...

8.8 CVSS · 0.00347 EPSS
Exploits 0 · References 1
NVD
added 2026/03/26 11:16 p.m. · 4 views

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

7.1 CVSS · 0.0018 EPSS
Exploits 1 · References 1
Vulnrichment
added 2026/03/26 10:43 p.m. · 7 views

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9 CVSS · 6 AI score · 0.00481 EPSS
Exploits 0 · References 1
AlpineLinux
added 2026/03/26 10:43 p.m. · 6 views

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9 CVSS · 6 AI score · 0.00481 EPSS
Exploits 0 · References 1
Cvelist
added 2026/03/26 10:40 p.m. · 21 views

CVE-2026-33743 Incus vulnerable to denial of source through crafted bucket backup file

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

6.5 CVSS · 0.00385 EPSS
Exploits 1 · References 1
Debian CVE
added 2026/03/26 10:40 p.m. · 3 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

6.5 CVSS · 5.3 AI score · 0.00385 EPSS
Exploits 1
Cvelist
added 2026/03/26 10:32 p.m. · 24 views

CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

7.1 CVSS · 0.0018 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2026/03/26 10:32 p.m. · 4 views

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

7.1 CVSS · 5.8 AI score · 0.0018 EPSS
Exploits 1 · References 2 · Affected Software 1
NVD
added 2026/03/12 9:16 p.m. · 3 views

CVE-2026-1528

Impact: A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches: Patched in the undici version v7.24.0 and v6.24.0...

7.5 CVSS · 0.00488 EPSS
Exploits 0 · References 21
OSV
added 2026/01/22 10:16 p.m. · 5 views

UBUNTU-CVE-2026-23953

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

8.7 CVSS · 7.5 AI score · 0.00471 EPSS
Exploits 1 · References 6
Snyk
added 2026/01/22 8:21 p.m. · 3 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via improper validation of environment variable values in the container configuration process. An attacker can execute arbitrary commands as root on the host by injecting newlines into environment variables, which results...

8.7 CVSS · 6.1 AI score · 0.00471 EPSS
Exploits 1 · References 2
Positive Technologies
added 2026/01/01 12:0 a.m. · 4 views

PT-2026-28560

Name of the Vulnerable Software and Affected Versions Incus versions prior to 6.23.0 Description Incus, a system container and virtual machine manager, allows instance template files to be used to perform arbitrary read and write operations as root on the host server. The software utilizes pongo2...

9.9 CVSS · 5.9 AI score · 0.00481 EPSS
Exploits 3 · References 28
Positive Technologies
added 2026/01/01 12:0 a.m. · 6 views

PT-2026-4281

Name of the Vulnerable Software and Affected Versions Incus versions 6.20.0 and below Description Incus is a system container and virtual machine manager. A user with the ability to launch a container with a custom YAML configuration can create an environment variable containing newlines. This ca...

8.7 CVSS · 5.8 AI score · 0.0053 EPSS
Exploits 2 · References 102
Positive Technologies
added 2024/02/28 12:0 a.m. · 5 views

PT-2024-14251 · Cleantalk · Cleantalk

Name of the Vulnerable Software and Affected Versions: CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk versions n/a through 6.20 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. It affects the Spam protection, Anti-Spam, FireWall by...

8.8 CVSS · 5.5 AI score · 0.00241 EPSS
Exploits 0 · References 6
OSV
added 2024/01/05 10:15 a.m. · 5 views

CVE-2023-51535

Cross-Site Request Forgery CSRF vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20...

8.8 CVSS · 7.3 AI score · 0.00227 EPSS
Exploits 0 · References 1
OSV
added 2023/08/29 4:15 p.m. · 5 views

CVE-2023-0654

Due to a misconfiguration, the WARP Mobile Client 6.29 for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on...

3.7 CVSS · 5.8 AI score · 0.00197 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/05/24 12:0 a.m. · 5 views

PT-2023-4017 · Miniorange · Miniorange Oauth Single Sign On – Sso

Name of the Vulnerable Software and Affected Versions: miniOrange OAuth Single Sign On – SSO OAuth Client plugin versions through 6.23.3 Description: The issue is related to an Improper Authentication vulnerability in the miniOrange OAuth Single Sign On – SSO OAuth Client plugin, which allows...

9 CVSS · 8.9 AI score · 0.00958 EPSS
Exploits 1 · References 9