EUVD-2026-16771

Flannel has cross-node remote code execution via extension backend BackendData injection...

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

CVE-2026-32241

CVE-2026-32241 – Flannel extension backend command injection . The vulnerability affects Flannel prior to v0.28.2 when using the experimental Extension backend. The SubnetAddCommand and SubnetRemoveCommand take attacker-controlled data from the Kubernetes Node annotation flannel.alpha.coreos.com/...

PT-2026-28434

Name of the Vulnerable Software and Affected Versions Flannel versions prior to 0.28.2 Description Flannel, a network fabric for containers designed for Kubernetes, contains a command injection issue in its experimental Extension backend. An attacker who can set Kubernetes Node annotations can...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

EUVD-2026-12249

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

phpIPAM SQL注入漏洞

phpIPAM is an open-source IP address management application IPAM based on PHP and MySQL. Versions of phpipam 1.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file app/admin/sections/edit-result.php, specifically the...

EulerOS Virtualization 2.12.0 : unbound (EulerOS-SA-2026-1524)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...

CVE-2026-4189 phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189

CVE-2026-4189 affects phpipam up to version 1.7.4. The vulnerability lies in the file app/admin/sections/edit-result.php (Section Handler) where manipulating the subnetOrdering argument can lead to SQL injection. The issue enables remote attack potential and has publicly available exploit code. V...

CVE-2026-4189 phpipam Section edit-result.php sql injection

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

PT-2026-25562

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

openSUSE 16 Security Update : kea (openSUSE-SU-2026:20341-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20341-1 advisory. Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection bsc1248801. Tenable has...

OPENSUSE-SU-2026:20341-1 Security update for kea

This update for kea fixes the following issues: Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection bsc1248801...

express-rate-limit 安全漏洞

Express-Rate-Limit is a request frequency limiting middleware developed by Express Rate Limit. Versions prior to 8.0.0, 8.1.1, 8.2.2, and 8.3.0 of Express-Rate-Limit have security vulnerabilities. These vulnerabilities stem from the improper application of subnet masks by the default key generato...

express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...

GHSA-46WH-PXPV-Q5GQ express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network

Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...