152 matches found
Nacos <1.4.1 - Authentication Bypass
Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...
Nacos <1.4.1 - Authentication Bypass
This template only works on the Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true), Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...
hermes-sidecar-poc
Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...
CVE-2026-41284 vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
GHSA-H6FC-48RJ-7QQH vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
CVE-2026-43512 vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
GHSA-GX5V-XP9W-J4CG vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
GHSA-5MP6-JRQ3-R938 vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
CVE-2026-43513 vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
CVE-2026-41293 vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
CVE-2026-42498 vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
GHSA-FV25-8XCX-GQJC vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
GHSA-R29C-68GH-XP6X vulnerabilities
Vulnerabilities for packages: thingsboard, camunda, nacos, kayenta-fips, kayenta, ontop-fips, ontop, nacos-docker, camunda-zeebe...
com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)
org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
GHSA-98QH-XJC8-98PQ vulnerabilities
Vulnerabilities for packages: flyway-fips, thingsboard, keycloak, nacos-docker, flyway, debezium, seata, camunda-zeebe, geoserver, nuxeo, apache-hop-fips, nacos, ghidra, kayenta-fips, hono, kayenta, guacamole-client, keycloak-fips, apicurio-registry, dependency-track-apiserver, camunda,...
CVE-2026-42198 vulnerabilities
Vulnerabilities for packages: flyway-fips, thingsboard, keycloak, nacos-docker, flyway, debezium, seata, camunda-zeebe, geoserver, nuxeo, apache-hop-fips, nacos, ghidra, kayenta-fips, hono, kayenta, guacamole-client, keycloak-fips, apicurio-registry, dependency-track-apiserver, camunda,...
cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)
org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...
adclaw (>=1.0.0 <=1.0.29), agentjet (=0.0.1) +27 more potentially affected by CVE-2026-6605 via agentscope (>=0.1.0 <=2.0.0)
agentscope PYPI version =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.2.0, =0.1.5, =1.0.0.post2, =0.1.0, =0.1.0, =0.0.1, =0.1.0.post1, =0.2.0, =0.4.0, =0.4.1 and more Source cves: CVE-2026-6605 Source advisory: SNYK:PYTHON-AGENTSCOPE-16318345...
CVE-2026-35568 vulnerabilities
Vulnerabilities for packages: nacos-docker, nacos...
CVE-2024-46983 vulnerabilities
Vulnerabilities for packages: nacos-docker, nacos...