CVE-2026-34178

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An...

SUSE CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

CVE-2026-41684 Incus: Nil Dereferences on Restore via Malformed YAML

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

PT-2026-37148

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description An authenticated user with permissions to import instance backups can crash the Incus daemon using a specially crafted backup archive. The issue occurs because the backup.GetInfo function trusts the...

CVE-2025-66303 Grav is vulnerable to a DOS on the admin panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service DoS vulnerability has been identified in Grav related to the handling of scheduledat parameters. Specifically, the application fails to properly sanitize input for cron expressions. By manipulating the scheduledat...