Lucene search
K

21 matches found

NVD
NVD
added 2026/05/28 6:16 p.m.18 views

CVE-2026-44796

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot UI object-bulk-rename endpoints for example, /dcim/interfaces/rename/ were vulnerable to application-wide denial of service via maliciously crafted regular expressions in the find field in...

6.5CVSS0.00312EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 4:57 p.m.12 views

EUVD-2026-32973

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, a user with access to add/change a GitRepository record could use the REST API to directly set the currenthead field on the record, which was not intended to be user-editable. Doing so could cause...

7.1CVSS5.8AI score0.00277EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/13 3:30 p.m.9 views

nautobot-app-intent-networking (>=2.0.9 <=2.0.11), nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2) +13 more potentially affected by CVE-2026-44796 via nautobot (>=3.0.0rc2 <=3.1.1)

nautobot PYPI version =3.0.0rc2, =2.0.9, =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1 Source cves: CVE-2026-44796 Source advisory: OSV:GHSA-QRPW-GJVH-X5GM...

6.5CVSS5.8AI score0.00312EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-0180

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00748EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-17714

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00303EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0959

Malicious code in bioql PyPI...

5.3CVSS4.8AI score0.00628EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/06/12 4:10 p.m.6 views

CVE-2025-49142

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

7.1CVSS6.2AI score0.00303EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/11 10:56 a.m.6 views

Remote Code Execution (RCE)

Nautobot is vulnerable to Remote Code Execution. The vulnerability is due to insufficient sandboxing due to improper security configuration of the Jinja2 templating feature, allowing malicious users to access secrets or call Python APIs to modify data, bypassing object permissions...

7.1CVSS7.6AI score0.00303EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2025/06/10 8:36 p.m.5 views

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: OSV:GHSA-RH67-4C8J-HJJH...

6.3CVSS5.8AI score0.00383EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/06/10 8:17 p.m.29 views

Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Impact What kind of vulnerability is it? Who is impacted? All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot: 1. A malicious...

7.1CVSS6.3AI score0.00303EPSS
Exploits0References9Affected Software1
Snyk
Snyk
added 2025/06/10 4:42 p.m.4 views

Information Exposure

Overview nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Information Exposure due to the improper enforcement of authentication mechanisms on the MEDIAROOT directory. An attacker can retrieve files by guessing or knowing the corre...

6.3CVSS7AI score0.00383EPSS
Exploits0References3
PyPA
PyPA
added 2025/06/10 4:15 p.m.10 views

PYSEC-2025-74

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References5
CVE
CVE
added 2025/06/10 3:40 p.m.127 views

CVE-2025-49142

CVE-2025-49142 affects Nautobot prior to 2.4.10 and prior to 1.6.32. The issue arises from misconfigurations in the Jinja2 templating used in computed fields, custom links, etc., allowing a malicious user to expose secret values or to invoke Python APIs to modify data when templated content is re...

7.1CVSS6.4AI score0.00303EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/06/10 3:40 p.m.37 views

CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

6CVSS0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.3 views

PT-2025-24686 · Nautobot · Nautobot

Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 2.4.10 Nautobot versions prior to 1.6.32 Description: The issue concerns Nautobot, a Network Source of Truth and Network Automation Platform. Files uploaded by users to Nautobot's MEDIA ROOT directory can be retriev...

6.3CVSS6.5AI score0.00383EPSS
Exploits0References11
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.2 views

Nautobot 安全漏洞

Nautobot is a web automation platform by the individual developers of Nautobot. A security vulnerability exists in Nautobot versions prior to 2.4.10 and prior to 1.6.32, which stems from a misconfigured Jinja2 template that could lead to data leakage or tampering...

7.1CVSS6.3AI score0.00303EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 10:2 a.m.8 views

CVE-2024-29199

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration...

5.3CVSS6.8AI score0.00628EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:29 a.m.7 views

CVE-2024-23345

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that suppo...

7.1CVSS5.7AI score0.00433EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/05/13 7:59 p.m.3 views

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2024-34707 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-34707 Source advisory: OSV:GHSA-R2HR-4V48-FJV3...

7.5CVSS7.1AI score0.00606EPSS
Exploits1
CVE
CVE
added 2023/12/12 10:17 p.m.49 views

CVE-2023-50263

CVE-2023-50263 (Nautobot) describes an information disclosure vulnerability where unauthenticated access to file storage URLs /files/get/?name=… and /files/download/?name=… is possible in Nautobot 1.x and 2.0.x before 1.6.7 and 2.0.6. The issue stems from the default Django-db-file-storage implem...

5.3CVSS5.1AI score0.00748EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder