GHSA-472F-VMF2-PR3H Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function

Impact Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instancelogs.go in the LXD 5.0 LTS series. This vulnerability was fixed in PR 15022 in February 2025, and is fixed in at least LX...

Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function

Impact Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instancelogs.go in the LXD 5.0 LTS series. This vulnerability was fixed in PR 15022 in February 2025, and is fixed in at least LX...

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVE-2025-54287 Arbitrary File Read via Template Injection in Snapshot Patterns

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

CVE-2025-54287

CVE-2025-54287 affects Canonical LXD (>=4.0) in the instance snapshot creation component. The vulnerability uses the Pongo2 template engine in snapshots.pattern to enable arbitrary file reads on the host when an attacker has instance configuration permissions. Impact is host file disclosure (e...

CVE-2025-54287

Template Injection in instance snapshot creation component in Canonical LXD = 4.0 allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine...

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

...

A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue as the module is handling the parameter insecurely, leading to the password leaking in the logs.

...

CVE-2025-43827

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVE-2025-43827

CVE-2025-43827 affects Liferay Portal 7.4.0–7.4.3.117 and Liferay DXP 2024.Q1.1–2024.Q1.5, 2023.Q4.x, 2023.Q3.x, and 7.4 GA through update 92. The issue is an Insecure Direct Object Reference (IDOR) where improper access control on com_liferay_portal_security_audit_web_portlet_AuditPortlet_auditE...

CVE-2025-43827

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVE-2025-43827

Insecure Direct Object Reference IDOR vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported...

CVE-2025-59950

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection confirmation dialog, it is possible to trick the admin into clicking the Promote button in another user's management page after the admin double clicks on a button...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services AWS Instance Metadata Service IMDS. The vulnerability in question is CVE-2025-51591 CVSS score: 6.5,...

Migrating Veeam Kasten for Kubernetes to the Red Hat Certified Operators Catalog

Challenge One or more of the following symptoms may be observed in a Red Hat OpenShift environment running Veeam Kasten for Kubernetes : Upgrades are no longer available for the Veeam Kasten operator installed from the Red Hat Operator Marketplace catalog. Veeam Kasten Enterprise - Term or Veeam...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can add notes to orders in a different virtual instance by specifying the targe...

GHSA-F372-9RCJ-8W2C Liferay Portal and DXP allows users to add a note to a different virtual instance

Insecure Direct Object Reference IDOR vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...

Jenkins User Registration Form Detected

Jenkins is an open-source automation server used to automate various aspects of software development, including building, testing, and deploying applications. An internal only Jenkins instance may be misconfigured to allow user registration, potentially leading to attackers creating accounts and...