Lucene search
K

23 matches found

OSV
OSV
added 3 days ago4 views

PYSEC-2026-1688 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

Impact A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages or specifically on...

7.5CVSS5.9AI score0.00606EPSS
Exploits1References9
vulnersOsv
vulnersOsv
added 2026/05/13 3:31 p.m.9 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44798 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44798 Source advisory: SNYK:PYTHON-NAUTOBOT-16691141...

7.1CVSS5.8AI score0.00277EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:30 p.m.8 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44797 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44797 Source advisory: OSV:GHSA-C35Q-VXRP-PH26...

8.5CVSS5.8AI score0.00235EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:30 p.m.15 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44796 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44796 Source advisory: SNYK:PYTHON-NAUTOBOT-16691221...

6.5CVSS5.8AI score0.00312EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:30 p.m.7 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44794 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44794 Source advisory: SNYK:PYTHON-NAUTOBOT-16691222...

5.4CVSS5.8AI score0.00177EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/13 3:30 p.m.10 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44794 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44794 Source advisory: OSV:GHSA-WPXJ-44W3-2J6X...

5.4CVSS5.8AI score0.00177EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40720

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description A user with permissions to add or modify a GitRepository record can use the REST API to directly set the current head field, which is not intended to be...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/03/31 11:7 p.m.8 views

Nautobot: Management of users via REST API does not apply configured password validators

Impact In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2025/06/10 8:36 p.m.3 views

nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +2 more potentially affected by CVE-2025-49143 via nautobot (>=2.0.0 <=2.3.4)

nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2025-49143 Source advisory: OSV:GHSA-RH67-4C8J-HJJH...

6.3CVSS5.8AI score0.00383EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/10 4:42 p.m.3 views

nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +2 more potentially affected by CVE-2025-49143 via nautobot (>=2.0.0 <=2.3.4)

nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2025-49143 Source advisory: SNYK:PYTHON-NAUTOBOT-10337820...

6.3CVSS5.8AI score0.00383EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/10 4:42 p.m.4 views

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: SNYK:PYTHON-NAUTOBOT-10337820...

6.3CVSS5.8AI score0.00383EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/10 4:15 p.m.5 views

nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +2 more potentially affected by CVE-2025-49142 via nautobot (>=2.0.0 <=2.3.4)

nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 - nautobot-ssot-unifi =1.0.2 Source cves: CVE-2025-49142 Source advisory: OSV:PYSEC-2025-79...

7.1CVSS5.4AI score0.00303EPSS
Exploits0
CVE
CVE
added 2025/06/10 3:43 p.m.56 views

CVE-2025-49143

Summary: CVE-2025-49143 affects Nautobot before v2.4.10 and v1.6.32. The issue is improper access control on files stored in Nautobot’s MEDIA_ROOT, including DeviceType images and other attachments, which could be retrieved by anonymous users via guessed URLs. Affected versions: Nautobot 2.x vers...

6.3CVSS6.7AI score0.00383EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/10 3:40 p.m.6 views

CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

6CVSS6.4AI score0.00303EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/05/28 11:15 p.m.4 views

nautobot-device-resources (=1.0.0), nautobot-fsus (>=2.0.0 <=2.0.2) +1 more potentially affected by CVE-2024-36112 via nautobot (>=2.0.0 <=2.2.9)

nautobot PYPI version =2.0.0, =2.0.0, =2.0.0, =2.5.0 Source cves: CVE-2024-36112 Source advisory: OSV:PYSEC-2024-166...

6.5CVSS6.5AI score0.00398EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/03/26 1:50 a.m.2 views

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2024-29199 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-29199 Source advisory: OSV:GHSA-M732-WVH2-7CQ4...

5.3CVSS5.8AI score0.00628EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/22 7:51 p.m.6 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)

nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:GHSA-VF5M-XRHM-V999...

4.3CVSS5.8AI score0.00448EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/12/22 5:15 p.m.5 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +25 more potentially affected by CVE-2023-51649 via nautobot (>=1.5.16 <=1.6.32)

nautobot PYPI version =1.5.16, =0.7.0, =1.1.0, =1.8.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-51649 Source advisory: OSV:PYSEC-2023-287...

4.3CVSS5.8AI score0.00448EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/11/22 8:55 p.m.4 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +27 more potentially affected by CVE-2023-48705 via nautobot (>=1.0.3 <=1.6.32)

nautobot PYPI version =1.0.3, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-48705 Source advisory: OSV:GHSA-CF9F-WMHP-V4PR...

7.1CVSS6.5AI score0.00543EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/11/22 4:15 p.m.2 views

nautobot-bgp-models (>=0.7.0 <=1.0.0), nautobot-capacity-metrics (>=1.1.0 <=2.1.1) +27 more potentially affected by CVE-2023-48705 via nautobot (>=1.0.3 <=1.6.32)

nautobot PYPI version =1.0.3, =0.7.0, =1.1.0, =1.6.0, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =0.9.0, =1.1.0, =1.2.1 and more Source cves: CVE-2023-48705 Source advisory: OSV:PYSEC-2023-285...

7.1CVSS6.5AI score0.00543EPSS
Exploits0
Rows per page
Query Builder