CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

RedhatCVE•added 2026/05/15 12:57 p.m.•9 views

CVE-2026-41684

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with permissions to import instance backups could craft a malicious backup archive. This archive, containing a valid inline configuration but a malformed legacy backup file, could cause the Incus daem...

6.5CVSS5.8AI score0.00027EPSS

Exploits1References2

RedhatCVE•added 2026/05/12 7:38 p.m.•6 views

CVE-2026-40251

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage volume feature can exploit missing validation logic in the storage volume import process or an out-of-bounds panic vulnerability in the backup restore subsystem. By submitti...

7.1CVSS5.8AI score0.00018EPSS

Exploits0References2

SUSE CVE•added 2026/05/08 2:22 a.m.•5 views

SUSE CVE-2026-40197

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem...

7.1CVSS5.8AI score0.00062EPSS

Exploits0References3

SUSE CVE•added 2026/05/08 2:21 a.m.•4 views

SUSE CVE-2026-41684

Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid...

6.5CVSS5.7AI score0.00027EPSS

Exploits1References3

ATTACKERKB•added 2026/05/06 8:36 p.m.•2 views

CVE-2026-40197

7.1CVSS5.8AI score0.00062EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2026/05/06 8:36 p.m.•5 views

CVE-2026-40197

7.1CVSS5.8AI score0.00062EPSS

Exploits0

Snyk•added 2026/05/04 7:16 p.m.•2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through improper bounds checking in the CreateInstanceFromBackup and CreateInstanceFromMigration functions. An attacker can cause the daemon to crash by submitting a crafted backup archive with physical snapshot...

7.1CVSS5.8AI score0.00018EPSS

Exploits0References2

Positive Technologies•added 2026/05/04 12:0 a.m.•6 views

PT-2026-37137

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Missing error handling in the TransferManager.UploadAllFiles function allows an authenticated user to cause a daemon crash. The issue occurs during the import of a truncated or corrupted storage bucket...

6.5CVSS5.9AI score0.00021EPSS

Exploits1References5

Fedora•added 2026/04/20 1:6 a.m.•10 views

[SECURITY] Fedora 42 Update: incus-6.23-3.fc42

Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

9.9CVSS8.2AI score0.00061EPSS

Exploits5

EUVD•added 2026/03/27 5:12 p.m.•2 views

EUVD-2026-16464

Incus vulnerable to denial of source through crafted bucket backup file...

6.5CVSS5.9AI score0.00022EPSS

Exploits1References4

NVD•added 2026/03/26 11:16 p.m.•2 views

CVE-2026-33743

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a...

6.5CVSS0.00022EPSS

Exploits1References1

ATTACKERKB•added 2026/03/26 10:40 p.m.•2 views

CVE-2026-33743

6.5CVSS5.8AI score0.00022EPSS

Exploits1References2Affected Software1

AlpineLinux•added 2026/03/26 10:40 p.m.•5 views

CVE-2026-33743

6.5CVSS5.8AI score0.00022EPSS

Exploits1References1