CVE-2026-1974 Free5GC SMF datapath.go ResolveNodeIdToIp denial of service

A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit is publicly available and...

Node address isn't always verified when proxying

...

DEBIAN-CVE-2025-59436

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415...

CVE-2022-3294 Node address isn't always verified when proxying

Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to...

The vulnerability of the Kube API-server of the Kubernetes cluster management software allows a attacker to execute arbitrary requests.

The vulnerability of the Kube API-server of the Kubernetes cluster management software is related to errors in checking node addresses. Exploiting this vulnerability allows a remote attacker to execute arbitrary requests...