openSUSE 16 Security Update : kea (openSUSE-SU-2026:20341-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20341-1 advisory. Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection bsc1248801. Tenable has...

OPENSUSE-SU-2026:20341-1 Security update for kea

This update for kea fixes the following issues: Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection bsc1248801...

express-rate-limit 安全漏洞

Express-Rate-Limit is a request frequency limiting middleware developed by Express Rate Limit. Versions prior to 8.0.0, 8.1.1, 8.2.2, and 8.3.0 of Express-Rate-Limit have security vulnerabilities. These vulnerabilities stem from the improper application of subnet masks by the default key generato...

GHSA-46WH-PXPV-Q5GQ express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...

express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...

CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...

CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...

ISC BIND 9.11.3-S1 < 9.18.38-S1 / 9.18.11-S1 < 9.18.38-S1 / 9.20.9-S1 < 9.20.11-S1 Vulnerability (cve-2025-40776)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40776 advisory. - A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning...

CVE-2026-2152

Summary: CVE-2026-2152 affects D-Link DIR-615 v4.10 (Web Configuration Interface). The vulnerability is in adv_routing.php; manipulating dest_ip, submask, or gw leads to OS command injection. It is remotely exploitable and the exploit has been publicized. Affected products are no longer maintaine...

PT-2026-6980

Name of the Vulnerable Software and Affected Versions D-Link DIR-615 version 4.10 Description A flaw exists within the Web Configuration Interface of the D-Link DIR-615, specifically in the adv routing.php file. Manipulation of the dest ip, submask, and gw arguments can lead to os command...

ManageEngine OpManager Stored XSS in Subnet Details (CVE-2025-9226)

The version of ManageEngine OpManager running on the remote web server is below 128465 / 128570 / 128582. It is, therefore, affected by a stored cross-site scripting XSS vulnerability in the subnet details functionality. An authenticated, low-privileged user with permission to modify subnet detai...

CVE-2025-9226

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details...

EulerOS Virtualization 2.10.1 : unbound (EulerOS-SA-2026-1149)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...

EulerOS Virtualization 2.10.0 : unbound (EulerOS-SA-2026-1201)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...

CVE-2025-9226

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details...

CVE-2025-9226 Stored XSS

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details...

CVE-2025-9226

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details...

EUVD-2025-206580

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details...

CVE-2025-9226 Stored XSS

Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details...

CVE-2025-9226

The CVE-2025-9226 issue affects ManageEngine OpManager, NetFlow Analyzer, and OpUtils prior to version 128582; Nessus & Red Hat/other feeds corroborate a stored XSS in the Subnet Details page. The vulnerability arises from an authenticated, low-privilege user who can modify subnet details, enabli...