CVE-2026-40195

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage bucket feature can exploit a missing validation logic in the storage bucket import process. By providing a malicious or malformed index.yaml file that omits the configuratio...

CVE-2026-42608 Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component.

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the sessionid passed as form-flash-id in POST requests, an unauthenticated attacker can traverse the filesystem to create arbitrary directories an...

Grav 路径遍历漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a path traversal vulnerability. This vulnerabili...

CVE-2026-40195

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup...

Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

PT-2026-37274

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A path traversal issue exists within the FormFlash core component. An unauthenticated attacker can manipulate the session id passed via the form-flash-id parameter in POST requests to traverse th...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the YAML metadata parsing process. An attacker can cause excessive memory consumption and potentially trigger an out-of-memory condition on the server by uploading a crafted image ...

Improper Validation of Consistency within Input

Overview Affected versions of this package are vulnerable to Improper Validation of Consistency within Input through the internalImportFromBackup process in lxd/apiinternal.go. An attacker can create a backup archive with a benign backup/index.yaml and a malicious backup/container/backup.yaml, th...

EUVD-2021-1265

Malware in sbrugna...

EUVD-2024-0709

Malicious code in bioql PyPI...

SUSE CVE-2025-55198

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

CVE-2025-55198

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing malformed or unexpected YAML content, such as a null maintainer, non-strin...

Use of Uninitialized Resource

Overview github.com/helm/helm/pkg/chartutil is a package manager for kubernetes. Affected versions of this package are vulnerable to Use of Uninitialized Resource via improper validation when parsing Chart.yaml and index.yaml files. An attacker can cause a panic in the application by providing...

CVE-2025-55198 Helm May Panic Due To Incorrect YAML Content

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expect...

PT-2025-33103 · Helm · Helm

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.18.5 Description: Helm is a package manager for Charts for Kubernetes. An improper validation of type error when parsing Chart.yaml and index.yaml files can lead to a panic. This issue impacts YAML validation where a...

GHSA-R53H-JV2G-VPX6 Helm's Missing YAML Content Leads To Panic

A Helm contributor discovered uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. Impact When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would occur in Helm. In the Helm SDK this is found when...

CVE-2024-26147

Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugins plugin.yaml file were missing all metadata a panic would...