EUVD-2026-16771

Flannel has cross-node remote code execution via extension backend BackendData injection...

GHSA-VCHX-5PR6-FFX2 Flannel has cross-node remote code execution via extension backend BackendData injection

Background The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. This backend uses shell commands stored in Kubernetes annotations to configure network connectivity on the node. Note: consumers are only affected by this vulnerabili...

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

CVE-2026-32247

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

CVE-2026-32247 Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...

Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters

Summary Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabels were concatenated directly into Cypher label expressions without validation. In...

PT-2026-25057

Summary Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node labels were concatenated directly into Cypher label expressions without validation. I...

Graphiti 安全漏洞

Graphiti is a framework developed by Zep for building temporal context graphs for AI agents. Versions of Graphiti prior to 0.28.2 contained security vulnerabilities. These vulnerabilities stemmed from Cypher injections in the shared search filter construction that occurs outside of the Kuzu...

RUSTSEC-2026-0013 Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up

PyO3 0.28.1 added support for pyclassextends=PyList struct NativeSub and other native types when targeting Python 3.12 and up with the abi3 feature. It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of NativeSub contained within...

Azure Linux 3.0 Security Update: exiv2 (CVE-2024-24826)

The version of exiv2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24826 advisory. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of...

Azure Linux 3.0 Security Update: exiv2 (CVE-2024-25112)

The version of exiv2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25112 advisory. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of...

Azure Linux 3.0 Security Update: exiv2 (CVE-2024-39695)

The version of exiv2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39695 advisory. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of...

Amazon Linux 2 : exiv2 (ALAS-2025-2728)

The version of exiv2 installed on the remote host is prior to 0.27.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2728 advisory. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. ...

CVE-2024-32034 Cross-site scripting (XSS) in the decidim admin activity log

decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting XSS attach in case an admin assigns a valuator to a proposal, or does any other action that generates an admi...

PT-2024-24369 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.7 Decidim versions prior to 0.28.2 Description: The admin panel of Decidim is subject to potential Cross-site scripting XSS attacks when an admin assigns a valuator to a proposal or performs any other action tha...

Exiv2 Security Vulnerability

Exiv2 is a suite of C++ libraries and command line applications for managing image metadata from the individual developer Andreas Huggel. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A security vulnerability exists in Exiv...

SUSE CVE-2024-25112

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

DEBIAN-CVE-2024-25112

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...

PYSEC-2024-107

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function,...