Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.11 views

CVE-2026-41654

Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...

8.1CVSS5.7AI score0.00371EPSS
Exploits0References1
CVE
CVE
added 2026/05/07 1:8 p.m.23 views

CVE-2026-41684

Summary of CVE-2026-41684 (Incus): An authenticated user who can import instance backups may crash the Incus daemon during restore when a crafted backup archive includes a valid inline backup/index.yaml but a malformed legacy backup.yaml that omits the container section. The vulnerability arises ...

6.5CVSS5.7AI score0.00408EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/05/04 7:45 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:16 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
Rows per page
Query Builder