CVE-2026-25077

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

EUVD-2026-28549

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

CVE-2026-25077

Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an attacker can register malicious templates to execute arbitrary code on the KVM hosts. This can...

PT-2026-38918

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.20.3.0 Apache CloudStack versions prior to 4.22.0.1 Description Account users can register templates for direct download to primary storage when deploying instances using the KVM hypervisor. Due to missing...

@backstage/plugin-scaffolder-backend Vulnerable to Potential Session Token Exfiltration via Log Redaction Bypass

Impact A malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run through task event logs. The attack requires: - The ability to register a template in the catalog - A victim who executes the malicious template Patches Patched in...

PT-2026-23439

Name of the Vulnerable Software and Affected Versions Backstage versions prior to 3.1.4 Description Backstage is a framework for building developer portals. A malicious scaffolder template can bypass the log redaction mechanism, potentially exposing secrets provided through task event logs. The...

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

CVE-2024-50386

Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...

AZL-47811 CVE-2024-42269 affecting package kernel for versions less than 6.6.47.1-1

In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6tablenattableinit. ip6tablenattableinit accesses net-gen-ptrip6tablenatnetops.id, but the function is exposed to user space before the entry is allocated via...