24h | 7d | 30d

CVE-2025-55315

Overview

  • Microsoft
  • ASP.NET Core 2.3
14 Oct 2025
Published
22 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.9)
EPSS
0.20%
KEV

Description

Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-010
WAGO: Multiple Vulnerabilities in WAGO Solution Builder and WAGO Device Sphere

Multiple vulnerabilities have been identified in WAGO Solution Builder and WAGO Device Sphere that affect components responsible for authentication and system communication.
CVE-2025-55315, CVE-2026-2328

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-4368

Overview

  • NetScaler
  • ADC
23 Mar 2026
Published
24 Mar 2026
Updated
CVSS v4.0
HIGH (7.7)
EPSS
0.02%
KEV

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Statistics

  • 1 Post
Last activity: 2 hours ago

Bluesky

Profile picture fallback
OpsMatters @opsmatters.com
The latest update for #CyCognito includes "Emerging Threat: F5 BIG-IP Access Policy Manager Remote Code Execution (CVE-2025-53521)" and "Citrix NetScaler ADC and Gateway Vulnerabilities (CVE-2026-3055 & CVE-2026-4368)". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
  • 0
  • 0
  • 0
  • 2h ago

CVE-2026-33711

Overview

  • lxc
  • incus
26 Mar 2026
Published
27 Mar 2026
Updated
CVSS v4.0
MEDIUM (4.7)
EPSS
0.01%
KEV

Description

Incus is a system container and virtual machine manager. Incus provides an API to retrieve VM screenshots. That API relies on the use of a temporary file for QEMU to write the screenshot to which is then picked up and sent to the user prior to deletion. As versions prior to 6.23.0 use predictable paths under /tmp for this, an attacker with local access to the system can abuse this mechanism by creating their own symlinks ahead of time. On the vast majority of Linux systems, this will result in a "Permission denied" error when requesting a screenshot. That's because the Linux kernel has a security feature designed to block such attacks, `protected_symlinks`. On the rare systems with this purposefully disabled, it's then possible to trick Incus intro truncating and altering the mode and permissions of arbitrary files on the filesystem, leading to a potential denial of service or possible local privilege escalation. Version 6.23.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Stéphane Graber's website @blog

Announcing Incus 6.23

The Incus team is pleased to announce the release of Incus 6.23!

This release is going to be our last 6.x release before Incus 7.0 LTS which is due out on April 30th.

It’s also quite a busy release with a good mix of security issues (mostly thanks to an ongoing analysis by 7asecurity), bug fixes and performance improvements and then a very good selection of features from expanding our OS support for VMs to adding more flexible instance storage with dependent volumes!

[🖼 stgraber.org/wp-content/upload…]

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Dependent storage volumes
  • FreeBSD VM support
  • Reworked CLI parser
  • Support for disabling DHCP announcement of the gateway
  • Support for ipv4.dhcp.gateway on OVN networks
  • Support for io.bus on OVN NICs
  • VM agent lifecycle events
  • Reworked incus file pull and incus storage volume file pull
  • Project related metrics
  • Instance low-level repair API

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=PGo03etJsMY

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

  • 1
  • 0
  • 0
  • 11h ago

CVE-2026-33542

Overview

  • lxc
  • incus
26 Mar 2026
Published
30 Mar 2026
Updated
CVSS v4.0
MEDIUM (5.7)
EPSS
0.04%
KEV

Description

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker controlled images rather than the expected one. Version 6.23.0 patches the issue.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Stéphane Graber's website @blog

Announcing Incus 6.23

The Incus team is pleased to announce the release of Incus 6.23!

This release is going to be our last 6.x release before Incus 7.0 LTS which is due out on April 30th.

It’s also quite a busy release with a good mix of security issues (mostly thanks to an ongoing analysis by 7asecurity), bug fixes and performance improvements and then a very good selection of features from expanding our OS support for VMs to adding more flexible instance storage with dependent volumes!

[🖼 stgraber.org/wp-content/upload…]

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Dependent storage volumes
  • FreeBSD VM support
  • Reworked CLI parser
  • Support for disabling DHCP announcement of the gateway
  • Support for ipv4.dhcp.gateway on OVN networks
  • Support for io.bus on OVN NICs
  • VM agent lifecycle events
  • Reworked incus file pull and incus storage volume file pull
  • Project related metrics
  • Instance low-level repair API

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=PGo03etJsMY

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

  • 1
  • 0
  • 0
  • 11h ago

CVE-2026-33897

Overview

  • lxc
  • incus
26 Mar 2026
Published
27 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.05%
KEV

Description

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2 chroot feature would isolate all such access to the instance's filesystem. This was allowed such that a template could theoretically read a file and then generate a new version of said file. Unfortunately the chroot isolation mechanism is entirely skipped by pongo2 leading to easy access to the entire system's filesystem with root privileges. Version 6.23.0 patches the issue.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Stéphane Graber's website @blog

Announcing Incus 6.23

The Incus team is pleased to announce the release of Incus 6.23!

This release is going to be our last 6.x release before Incus 7.0 LTS which is due out on April 30th.

It’s also quite a busy release with a good mix of security issues (mostly thanks to an ongoing analysis by 7asecurity), bug fixes and performance improvements and then a very good selection of features from expanding our OS support for VMs to adding more flexible instance storage with dependent volumes!

[🖼 stgraber.org/wp-content/upload…]

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Dependent storage volumes
  • FreeBSD VM support
  • Reworked CLI parser
  • Support for disabling DHCP announcement of the gateway
  • Support for ipv4.dhcp.gateway on OVN networks
  • Support for io.bus on OVN NICs
  • VM agent lifecycle events
  • Reworked incus file pull and incus storage volume file pull
  • Project related metrics
  • Instance low-level repair API

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=PGo03etJsMY

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

  • 1
  • 0
  • 0
  • 11h ago

CVE-2026-33945

Overview

  • lxc
  • incus
26 Mar 2026
Published
27 Mar 2026
Updated
CVSS v3.1
CRITICAL (10.0)
EPSS
0.06%
KEV

Description

Incus is a system container and virtual machine manager. Incus instances have an option to provide credentials to systemd in the guest. For containers, this is handled through a shared directory. Prior to version 6.23.0, an attacker can set a configuration key named something like `systemd.credential.../../../../../../root/.bashrc` to cause Incus to write outside of the `credentials` directory associated with the container. This makes use of the fact that the Incus syntax for such credentials is `systemd.credential.XYZ` where `XYZ` can itself contain more periods. While it's not possible to read any data this way, it's possible to write to arbitrary files as root, enabling both privilege escalation and denial of service attacks. Version 6.23.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Stéphane Graber's website @blog

Announcing Incus 6.23

The Incus team is pleased to announce the release of Incus 6.23!

This release is going to be our last 6.x release before Incus 7.0 LTS which is due out on April 30th.

It’s also quite a busy release with a good mix of security issues (mostly thanks to an ongoing analysis by 7asecurity), bug fixes and performance improvements and then a very good selection of features from expanding our OS support for VMs to adding more flexible instance storage with dependent volumes!

[🖼 stgraber.org/wp-content/upload…]

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Dependent storage volumes
  • FreeBSD VM support
  • Reworked CLI parser
  • Support for disabling DHCP announcement of the gateway
  • Support for ipv4.dhcp.gateway on OVN networks
  • Support for io.bus on OVN NICs
  • VM agent lifecycle events
  • Reworked incus file pull and incus storage volume file pull
  • Project related metrics
  • Instance low-level repair API

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=PGo03etJsMY

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

  • 1
  • 0
  • 0
  • 11h ago

CVE-2026-33743

Overview

  • lxc
  • incus
26 Mar 2026
Published
27 Mar 2026
Updated
CVSS v3.1
MEDIUM (6.5)
EPSS
0.04%
KEV

Description

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a specially crafted storage bucket backup can be used by an user with access to Incus' storage bucket feature to crash the Incus daemon. Repeated use of this attack can be used to keep the server offline causing a denial of service of the control plane API. This does not impact any running workload, existing containers and virtual machines will keep operating. Version 6.23.0 fixes the issue.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Stéphane Graber's website @blog

Announcing Incus 6.23

The Incus team is pleased to announce the release of Incus 6.23!

This release is going to be our last 6.x release before Incus 7.0 LTS which is due out on April 30th.

It’s also quite a busy release with a good mix of security issues (mostly thanks to an ongoing analysis by 7asecurity), bug fixes and performance improvements and then a very good selection of features from expanding our OS support for VMs to adding more flexible instance storage with dependent volumes!

[🖼 stgraber.org/wp-content/upload…]

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Dependent storage volumes
  • FreeBSD VM support
  • Reworked CLI parser
  • Support for disabling DHCP announcement of the gateway
  • Support for ipv4.dhcp.gateway on OVN networks
  • Support for io.bus on OVN NICs
  • VM agent lifecycle events
  • Reworked incus file pull and incus storage volume file pull
  • Project related metrics
  • Instance low-level repair API

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=PGo03etJsMY

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

  • 1
  • 0
  • 0
  • 11h ago

CVE-2026-33898

Overview

  • lxc
  • incus
26 Mar 2026
Published
30 Mar 2026
Updated
CVSS v3.1
HIGH (8.8)
EPSS
0.06%
KEV

Description

Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token. When accessed with that token, Incus creates a cookie persisting that token without needing to include it in subsequent HTTP requests. While the Incus client correctly validates the value of the cookie, it does not correctly validate the token when passed int the URL. This allows for an attacker able to locate and talk to the temporary web server on localhost to have as much access to Incus as the user who ran `incus webui`. This can lead to privilege escalation by another local user or an access to the user's Incus instances and possibly system resources by a remote attack able to trick the local user into interacting with the Incus UI web server. Version 6.23.0 patches the issue.

Statistics

  • 1 Post
  • 1 Interaction
Last activity: 11 hours ago

Fediverse

Profile picture fallback
Stéphane Graber's website @blog

Announcing Incus 6.23

The Incus team is pleased to announce the release of Incus 6.23!

This release is going to be our last 6.x release before Incus 7.0 LTS which is due out on April 30th.

It’s also quite a busy release with a good mix of security issues (mostly thanks to an ongoing analysis by 7asecurity), bug fixes and performance improvements and then a very good selection of features from expanding our OS support for VMs to adding more flexible instance storage with dependent volumes!

[🖼 stgraber.org/wp-content/upload…]

This fixes the following security issues:

On the feature front, the highlights for this release are:

  • Dependent storage volumes
  • FreeBSD VM support
  • Reworked CLI parser
  • Support for disabling DHCP announcement of the gateway
  • Support for ipv4.dhcp.gateway on OVN networks
  • Support for io.bus on OVN NICs
  • VM agent lifecycle events
  • Reworked incus file pull and incus storage volume file pull
  • Project related metrics
  • Instance low-level repair API

The full announcement and changelog can be found here.
And for those who prefer videos, here’s the release overview video:

https://www.youtube.com/watch?v=PGo03etJsMY

You can take the latest release of Incus up for a spin through our online demo service at: https://linuxcontainers.org/incus/try-it/

And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: https://zabbly.com/incus

Donations towards my work on this and other open source projects is also always appreciated, you can find me on Github Sponsors, Patreon and Ko-fi.

Enjoy!

  • 1
  • 0
  • 0
  • 11h ago

CVE-2026-30935

Overview

  • ImageMagick
  • ImageMagick
09 Mar 2026
Published
10 Mar 2026
Updated
CVSS v3.1
MEDIUM (4.4)
EPSS
0.01%
KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect conversion. When processing a crafted image with the -bilateral-blur operation an out of bounds read can occur. This vulnerability is fixed in 7.1.2-16.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub

The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 21h ago

CVE-2026-25798

Overview

  • ImageMagick
  • ImageMagick
24 Feb 2026
Published
26 Feb 2026
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
0.15%
KEV

Description

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch.

Statistics

  • 1 Post
Last activity: 21 hours ago

Fediverse

Profile picture fallback
CERT@VDE @certvde

VDE-2026-021
WAGO: Multiple Vulnerabilities in WAGO VC Hub

The VC Hub incorporates the Magick.NET‑Q16‑AnyCPU component, derived from ImageMagick, to process user‑uploaded images and generate thumbnails within the projects image library. Only authenticated users with the Design Project Permission can upload images.
CVE-2026-25983, CVE-2026-25897, CVE-2026-25987, CVE-2026-25898, CVE-2026-25794, CVE-2026-28693, CVE-2026-25966, CVE-2026-30929, CVE-2026-28691, CVE-2026-26283, CVE-2026-26066, CVE-2026-25989, CVE-2026-25988, CVE-2026-25985, CVE-2026-25969, CVE-2026-25967, CVE-2026-25965, CVE-2026-25799, CVE-2026-25798, CVE-2026-25796, CVE-2026-25795, CVE-2026-24485, CVE-2026-24481, CVE-2026-28494, CVE-2026-30937, CVE-2026-30931, CVE-2026-28686, CVE-2026-28690, CVE-2026-28493, CVE-2026-28689, CVE-2026-30883, CVE-2026-31853, CVE-2026-30936, CVE-2026-28687, CVE-2026-28688, CVE-2026-26983, CVE-2026-25797, CVE-2026-25638, CVE-2026-25637, CVE-2026-24484, CVE-2026-25576, CVE-2026-28692, CVE-2026-30935, CVE-2026-27799, CVE-2026-27798

certvde.com/en/advisories/vde-

wago.csaf-tp.certvde.com/.well

  • 0
  • 0
  • 0
  • 21h ago
Showing 31 to 40 of 83 CVEs