4 matches found
CVE-2026-41654
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission default on hosted Weblate SaaS and for any user holding an active billing/trial plan can import a crafted project backup ZIP whose components/.json contains an attacker-chosen repo...
CVE-2026-41684
Summary of CVE-2026-41684 (Incus): An authenticated user who can import instance backups may crash the Incus daemon during restore when a crafted backup archive includes a valid inline backup/index.yaml but a malformed legacy backup.yaml that omits the container section. The vulnerability arises ...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...