150 matches found
Nacos <1.4.1 - Authentication Bypass
This template only works on Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...
Nacos <1.4.1 - Authentication Bypass
Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...
hermes-sidecar-poc
Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...
GHSA-R29C-68GH-XP6X vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
GHSA-GX5V-XP9W-J4CG vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
GHSA-FV25-8XCX-GQJC vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
GHSA-H6FC-48RJ-7QQH vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
GHSA-5MP6-JRQ3-R938 vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
CVE-2026-42498 vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
CVE-2026-43512 vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
CVE-2026-41284 vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
CVE-2026-43513 vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
CVE-2026-41293 vulnerabilities
Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...
com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)
org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
CVE-2026-42198 vulnerabilities
Vulnerabilities for packages: sonarqube, thingsboard, guacamole-client, apache-hop-fips, apache-hop, nacos, apicurio-registry, ghidra, flyway-fips, nacos-docker, dependency-track, dependency-track-apiserver, nuxeo, keycloak, kayenta-fips, camunda, keycloak-fips, hono, geoserver, flyway, kayenta,...
GHSA-98QH-XJC8-98PQ vulnerabilities
Vulnerabilities for packages: sonarqube, thingsboard, guacamole-client, apache-hop-fips, apache-hop, nacos, apicurio-registry, ghidra, flyway-fips, nacos-docker, dependency-track, dependency-track-apiserver, nuxeo, keycloak, kayenta-fips, camunda, keycloak-fips, hono, geoserver, flyway, kayenta,...
cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)
org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...
CVE-2026-34237 vulnerabilities
Vulnerabilities for packages: nacos-docker, camunda-zeebe, nacos, camunda...
GHSA-8JXR-PR72-R468 vulnerabilities
Vulnerabilities for packages: nacos-docker, nacos...
CVE-2024-46983 vulnerabilities
Vulnerabilities for packages: nacos-docker, nacos...