
21 matches found

ATTACKERKB
added 2026/05/28 5:1 p.m. | 6 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables),...

5.4 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits 0 | References 6 | Affected Software 1
EUVD
added 2026/05/28 5:1 p.m. | 6 views

EUVD-2026-32955

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables),...

5.4 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits 0 | References 5
Cvelist
added 2026/05/28 5:1 p.m. | 25 views

CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables),...

5.4 CVSS | 0.00023 EPSS
Exploits 0 | References 5
EUVD
added 2026/05/28 4:59 p.m. | 7 views

EUVD-2026-32974

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 5
CVE
added 2026/05/28 4:59 p.m. | 8 views

CVE-2026-44797

Nautobot fixes CVE-2026-44797: the Webhook data model could be configured by users with sufficient access to issue requests to internal hosts/IPs, enabling SSRF-like behavior. Affected versions prior to 2.4.33 and 3.1.2 are impacted; remediation is to upgrade Nautobot to 2.4.33 or 3.1.2 or newer....

8.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 5 | Affected Software 1
Vulnrichment
added 2026/05/28 4:59 p.m. | 6 views

CVE-2026-44797 Nautobot: Webhook definitions could be used for server-side request forgery (SSRF)

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 5
ATTACKERKB
added 2026/05/28 4:59 p.m. | 7 views

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 6 | Affected Software 1
ATTACKERKB
added 2026/05/28 4:57 p.m. | 6 views

CVE-2026-44798

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause...

7.1 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits 0 | References 6 | Affected Software 1
EUVD
added 2026/05/28 4:57 p.m. | 7 views

EUVD-2026-32973

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause...

7.1 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits 0 | References 5
OSV
added 2026/05/13 3:31 p.m. | 2 views

GHSA-P3HX-PWF3-J8WR Nautobot: GitRepository.current_head field should not be writable through REST API

Impact: A user with access to add/change a GitRepository record could use the REST API to directly set the current_head field on the record, which was not intended to be user-editable. Doing so could cause Nautobot's local clones of the relevant repository to checkout a commit other than the latest...

7.1 CVSS | 5.7 AI score | 0.00056 EPSS
Exploits 0 | References 6
Snyk
added 2026/05/13 3:30 p.m. | 6 views

Server-side Request Forgery (SSRF)

Overview: nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Webhook process. An attacker can access internal or restricted network resources by configuring webhooks to send requests to...

8.5 CVSS | 5.8 AI score | 0.00037 EPSS
Exploits 0 | References 2
OSV
added 2026/05/13 3:30 p.m. | 1 view

GHSA-WPXJ-44W3-2J6X Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Impact: In the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API fail...

5.4 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits 0 | References 6
Github Security Blog
added 2026/05/13 3:30 p.m. | 3 views

Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Impact: In the case of inter-object references via GenericForeignKey (a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables), when creating or updating an object containing a GenericForeignKey, Nautobot's REST API fail...

5.4 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits 0 | References 6 | Affected Software 1
Snyk
added 2026/05/13 3:30 p.m. | 5 views

Missing Authorization

Overview: nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Missing Authorization in the GenericForeignKey process. An attacker can associate objects with unauthorized resources by supplying the UUIDs of objects they do not have...

5.4 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2019/01/09 12:0 a.m. | 37 views

Apache 2.4.x < 2.4.33 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.33. It is, therefore, affected by the following vulnerabilities: - An out-of-bounds write flaw exists within the derive_codepage_from_lang() function of the modules/aaa/mod_authnz_ldap.c script due to imprope...

9.8 CVSS | 7.4 AI score | 0.93618 EPSS
Exploits 0 | References 9
Packet Storm
added 2018/12/31 12:0 a.m. | 46 views

AnimaxTechnology.in India Web Design 1.0 SQL Injection

Exploit Title : AnimaxTechnology.in India Web Design 1.0 SQL Injection Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepage : animaxtechnology.in Tested On : Windows and Linux Exploit Risk : Medium Version Information : Apache 2.4.33 - OpenSSL 1.0.2o CWE : CWE-89 Improper...

0.8 AI score
Exploits 0
OpenVAS
added 2018/07/20 12:0 a.m. | 64 views

Apache HTTP Server 'mod_md' Denial of Service Vulnerability - Windows

Apache HTTP Server is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5 CVSS | 7.4 AI score | 0.77676 EPSS
Exploits 0 | References 2
Fedora
added 2018/04/05 11:50 a.m. | 42 views

[SECURITY] Fedora 28 Update: httpd-2.4.33-2.fc28

The Apache HTTP Server is a powerful, efficient, and extensible web server...

9.8 CVSS | 1.1 AI score | 0.93618 EPSS
Exploits 0
ALT Linux
added 2018/03/31 12:0 a.m. | 43 views

Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1

March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in mod_cache_socache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...

6.8 CVSS | 7.2 AI score | 0.93618 EPSS
Exploits 0
Tenable Nessus
added 2018/03/30 12:0 a.m. | 215 views

Apache 2.4.x < 2.4.33 Multiple Vulnerabilities (deprecated)

This plugin has been deprecated due to apache2433.nasl (plugin ID 122060) performing the same version check. Use apache2433.nasl (plugin ID 122060) instead. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2019/10/21. Deprecated by apache2433.nasl (plugin ID 122060). include("compat.inc"); if...

9.8 CVSS | 6.7 AI score | 0.93618 EPSS
Exploits 0 | References 9