GHSA-R29C-68GH-XP6X vulnerabilities

Vulnerabilities for packages: nacos, ontop, kayenta-fips, ontop-fips, kayenta, nacos-docker, thingsboard, camunda, camunda-zeebe...

GHSA-98QH-XJC8-98PQ vulnerabilities

Vulnerabilities for packages: nacos, druid, flyway, nacos-docker, hono, apicurio-registry, kayenta, ghidra, apache-hop-fips, keycloak, nuxeo, kayenta-fips, dependency-track-apiserver, guacamole-client, sonarqube, geoserver, flyway-fips, thingsboard, camunda, camunda-zeebe, debezium, apache-hop,...

CVE-2024-46983 vulnerabilities

Vulnerabilities for packages: nacos, nacos-docker...

CVE-2026-34237 vulnerabilities

Vulnerabilities for packages: camunda-zeebe, nacos, nacos-docker, camunda...

VulnCheck KEV: CVE-2021-29441

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor...

GHSA-4GR7-QW2Q-JXH6 Cross-site Scripting in Nacos

A Cross Site Scripting XSS vulnerability exists in Nacos prior to 1.4.5 and 2.1.0-BETA in auth/users via the 1 pageSize and 2 pageNo parameters...

Alibaba nacos 访问控制错误漏洞

nacos is a dynamic service discovery, configuration and service management platform for Alibaba in China. The software supports both DNS-based and RPC-based service discovery, and can provide features such as providing real-time health checks and blocking services from sending requests to unhealt...

Ali open source project nacos SQL injection vulnerability exists

Nacos is the latest open source project from Alibaba. The Ali open source project nacos suffers from a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...