689 matches found
PT-2026-28434
Name of the Vulnerable Software and Affected Versions Flannel versions prior to 0.28.2 Description Flannel, a network fabric for containers designed for Kubernetes, contains a command injection issue in its experimental Extension backend. An attacker who can set Kubernetes Node annotations can...
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
EUVD-2026-12249
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
EulerOS Virtualization 2.12.0 : unbound (EulerOS-SA-2026-1524)
According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...
phpIPAM SQL注入漏洞
phpIPAM is an open-source IP address management application IPAM based on PHP and MySQL. Versions of phpipam 1.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file app/admin/sections/edit-result.php, specifically the...
CVE-2026-4189
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
CVE-2026-4189 phpipam Section edit-result.php sql injection
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
CVE-2026-4189 phpipam Section edit-result.php sql injection
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
CVE-2026-4189
CVE-2026-4189 affects phpipam up to version 1.7.4. The vulnerability lies in the file app/admin/sections/edit-result.php (Section Handler) where manipulating the subnetOrdering argument can lead to SQL injection. The issue enables remote attack potential and has publicly available exploit code. V...
PT-2026-25562
A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...
openSUSE 16 Security Update : kea (openSUSE-SU-2026:20341-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20341-1 advisory. Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection bsc1248801. Tenable has...
OPENSUSE-SU-2026:20341-1 Security update for kea
This update for kea fixes the following issues: Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection bsc1248801...
express-rate-limit 安全漏洞
Express-Rate-Limit is a request frequency limiting middleware developed by Express Rate Limit. Versions prior to 8.0.0, 8.1.1, 8.2.2, and 8.3.0 of Express-Rate-Limit have security vulnerabilities. These vulnerabilities stem from the improper application of subnet masks by the default key generato...
GHSA-46WH-PXPV-Q5GQ express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network
Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...
express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network
Summary The default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. This includes IPv4-mapped IPv6 addresses ::ffff:x.x.x.x, which Node.js returns as request.ip on dual-stack servers. Because the first 80 bits of all...
CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...
CVE-2026-26990 LibreNMS has Time-Based Blind SQL Injection in address-search.inc.php
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address parameter. When a crafted subnet prefix is supplied, the prefix value is concatenated directly int...
ISC BIND 9.11.3-S1 < 9.18.38-S1 / 9.18.11-S1 < 9.18.38-S1 / 9.20.9-S1 < 9.20.11-S1 Vulnerability (cve-2025-40776)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40776 advisory. - A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning...
CVE-2026-2152
Summary: CVE-2026-2152 affects D-Link DIR-615 v4.10 (Web Configuration Interface). The vulnerability is in adv_routing.php; manipulating dest_ip, submask, or gw leads to OS command injection. It is remotely exploitable and the exploit has been publicized. Affected products are no longer maintaine...