Lucene search
+L

19 matches found

osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1687 Unauthenticated views may expose information to anonymous users

Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...

3.7CVSS5.8AI score0.00628EPSS
Exploits0References11
euvd
euvd
added 2026/06/25 6:34 p.m.16 views

EUVD-2026-31483

amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:19 p.m.12 views

CVE-2026-9291

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

7.5CVSS6.3AI score0.0038EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/22 6:12 p.m.13 views

CVE-2026-9291 Insecure Deserialization in Amazon Braket SDK Job Results Processing

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

7.5CVSS6.4AI score0.0038EPSS
Exploits0References3
osv
osv
added 2026/05/22 6:12 p.m.4 views

CVE-2026-9291 Insecure Deserialization in Amazon Braket SDK Job Results Processing

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

7.5CVSS6.6AI score0.0038EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/22 6:12 p.m.15 views

CVE-2026-9291 Insecure Deserialization in Amazon Braket SDK Job Results Processing

Insecure deserialization in the job results processing component in Amazon Braket SDK before 1.117.0 might allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on any machine that processes job results. We recommend you upgrade to...

7.5CVSS0.0038EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/22 12:0 a.m.28 views

PT-2026-42823

Name of the Vulnerable Software and Affected Versions Amazon Braket SDK versions prior to 1.117.0 Description Insecure deserialization in the job results processing component may allow a remote authenticated user with S3 write access to the job output bucket to achieve arbitrary code execution on...

7.5CVSS6.5AI score0.0038EPSS
Exploits0References15
cnnvd
cnnvd
added 2026/05/22 12:0 a.m.12 views

amazon-braket-sdk-python 安全漏洞

Amazon Braket SDK Python is a Python development toolkit for Amazon Braket’s open-source quantum computing service. Versions of Amazon Braket SDK Python prior to 1.117.0 contained a security vulnerability. This vulnerability stemmed from an insecure deserialization mechanism in the job result...

7.5CVSS6.2AI score0.0038EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0291

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00414EPSS
Exploits0References3
veracode
veracode
added 2023/11/22 5:52 a.m.15 views

Clear Text Credentials Exposure

Nautobot Device Onboarding is vulnerable to Clear Text Credentials Exposure. The vulnerability is due to credentials being visible via the Job Results view under the Additional Data tab as arguments for Celery Task execution when creating an OnboardingTask. As a result the attacker is exposed to...

6.5CVSS6.7AI score0.00414EPSS
Exploits0References4Affected Software1
osv
osv
added 2023/11/21 11:50 p.m.20 views

GHSA-QF3C-RW9F-JH7V Clear Text Credentials Exposed via Onboarding Task

Impact When credentials are provided while creating an OnboardingTask they may be visible via the Job Results view under the Additional Data tab as args for the Celery Task execution. This only applies to OnboardingTasks that are created with credentials specified while on v2.0.0-2.0.2 of Nautobo...

5.7CVSS6.5AI score0.00414EPSS
Exploits0References4
github
github
added 2023/11/21 11:50 p.m.35 views

Clear Text Credentials Exposed via Onboarding Task

Impact When credentials are provided while creating an OnboardingTask they may be visible via the Job Results view under the Additional Data tab as args for the Celery Task execution. This only applies to OnboardingTasks that are created with credentials specified while on v2.0.0-2.0.2 of Nautobo...

6.5CVSS5.8AI score0.00414EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2023/11/21 11:15 p.m.39 views

CVE-2023-48700

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

6.5CVSS0.00414EPSS
Exploits0References1
pypa
pypa
added 2023/11/21 11:15 p.m.9 views

PYSEC-2023-288

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

6.5CVSS7AI score0.00414EPSS
Exploits0References1Affected Software1
osv
osv
added 2023/11/21 11:15 p.m.9 views

PYSEC-2023-288

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

6.5CVSS6.5AI score0.00414EPSS
Exploits0References1
osv
osv
added 2023/11/21 10:30 p.m.39 views

CVE-2023-48700 Clear Text Credentials Exposed via Onboarding Task

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are...

5.7CVSS6.6AI score0.00414EPSS
Exploits0References3
osv
osv
added 2017/08/18 5:29 p.m.5 views

DEBIAN-CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

7.5CVSS7.3AI score0.09356EPSS
Exploits4References1
ubuntucve
ubuntucve
added 2017/08/18 5:29 p.m.55 views

CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

7.5CVSS7.1AI score0.09356EPSS
Exploits4References6
osv
osv
added 2017/08/18 5:29 p.m.6 views

UBUNTU-CVE-2015-7945

The RESTful control interface aka RAPI or ganeti-rapi in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...

7.5CVSS5.8AI score0.09356EPSS
Exploits4References7
Rows per page
Query Builder