4.3
CVE-2026-41685 - Incus: Unbounded binary import disk exhaustion
Incus is a system container and virtual machine manager. Prior to version 7.0.0, uploads of large amount of data by authenticated users can run the Incus server out of disk space, potentially taking down the host system. The impact here is limited for anyone using storage.images_volume and storage.β¦
6.5
CVE-2026-41684 - Incus: Nil Dereferences on Restore via Malformed YAML
Incus is a system container and virtual machine manager. Prior to version 7.0.0, backup.GetInfo() trusts the inline backup/index.yaml config when present and only falls back to parsing the legacy backup/container/backup.yaml file if result.Config == nil. As a result, an archive can carry a valid inβ¦
5.3
CVE-2026-41648 - Incus: Unbounded YAML Metadata Decode via Parsing
Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when paβ¦
6.5
CVE-2026-41647 - Incus: Nil-Pointer Dereference via S3 Bucket Import
Incus is a system container and virtual machine manager. Prior to version 7.0.0, a missing error handling could lead an authenticated Incus user to cause a daemon crash through the import of a truncated storage bucket backup file. This issue has been patched in version 7.0.0.
9.6
CVE-2026-6795 - Open Redirect in DivvyDrive Information Technologies' DivvyDrive
URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
8.8
CVE-2026-5784 - Stored XSS in DivvyDrive Information Technologies' DivvyDrive
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
8.8
CVE-2026-6002 - HTML Injection in DivvyDrive Information Technologies' DivvyDrive
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
0.0
CVE-2026-8094 - Other issue in the WebRTC component
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
8.1
CVE-2026-8093 - Memory safety bugs fixed in Thunderbird 150.0.2
Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2.
8.1
CVE-2026-8092 - Memory safety bugs fixed in Thunderbird ESR 140.10.2 and Thunderbird 150.0.2
Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR β¦