Lucene search
K

150 matches found

Nuclei
Nuclei
added yesterday60 views

Nacos <1.4.1 - Authentication Bypass

This template only works on Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...

9.8CVSS7.5AI score0.74818EPSS
Exploits2References5
Nuclei
Nuclei
added 2 days ago92 views

Nacos <1.4.1 - Authentication Bypass

Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...

8.6CVSS7AI score0.64697EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2026/06/02 7:3 a.m.76 views

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.31 views

GHSA-R29C-68GH-XP6X vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.13 views

GHSA-GX5V-XP9W-J4CG vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.13 views

GHSA-FV25-8XCX-GQJC vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.13 views

GHSA-H6FC-48RJ-7QQH vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.10 views

GHSA-5MP6-JRQ3-R938 vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.13 views

CVE-2026-42498 vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

7.3CVSS7.1AI score0.00548EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.16 views

CVE-2026-43512 vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

9.8CVSS7.3AI score0.01233EPSS
Exploits1
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.13 views

CVE-2026-41284 vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

7.5CVSS7.1AI score0.0078EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.13 views

CVE-2026-43513 vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

7.5CVSS7.1AI score0.00467EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/20 1:18 a.m.19 views

CVE-2026-41293 vulnerabilities

Vulnerabilities for packages: ontop, kayenta, nacos-docker, thingsboard, camunda-zeebe, nacos, ontop-fips, kayenta-fips, camunda...

9.8CVSS7.3AI score0.01339EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.8 views

com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)

org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

8.1CVSS5.8AI score0.0022EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/07 1:17 a.m.11 views

CVE-2026-42198 vulnerabilities

Vulnerabilities for packages: sonarqube, thingsboard, guacamole-client, apache-hop-fips, apache-hop, nacos, apicurio-registry, ghidra, flyway-fips, nacos-docker, dependency-track, dependency-track-apiserver, nuxeo, keycloak, kayenta-fips, camunda, keycloak-fips, hono, geoserver, flyway, kayenta,...

7.5CVSS7.1AI score0.0077EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/07 1:17 a.m.12 views

GHSA-98QH-XJC8-98PQ vulnerabilities

Vulnerabilities for packages: sonarqube, thingsboard, guacamole-client, apache-hop-fips, apache-hop, nacos, apicurio-registry, ghidra, flyway-fips, nacos-docker, dependency-track, dependency-track-apiserver, nuxeo, keycloak, kayenta-fips, camunda, keycloak-fips, hono, geoserver, flyway, kayenta,...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/22 6:30 a.m.8 views

cc.chensoul.nacos:nacos-distribution (=2.5.2), cn.sparrowmini:sparrow-org-service (=0.0.1) +625 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=5.8.0 <=5.8.2)

org.springframework.security:spring-security-core MAVEN version =5.8.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =5.12.0, =5.12.0, =1.48.0, =1.48.0, =1.48.0, =2.4.0, =2.4.0, =2.4.0, =2.6.0 and more Source cves: CVE-2026-22746 Source advisory: OSV:GHSA-VXF7-QJ7Q-83FH...

3.7CVSS5.8AI score0.00215EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/13 7:18 p.m.9 views

CVE-2026-34237 vulnerabilities

Vulnerabilities for packages: nacos-docker, camunda-zeebe, nacos, camunda...

6.1CVSS7.2AI score0.00222EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/13 7:18 p.m.7 views

GHSA-8JXR-PR72-R468 vulnerabilities

Vulnerabilities for packages: nacos-docker, nacos...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/04/13 7:18 p.m.6 views

CVE-2024-46983 vulnerabilities

Vulnerabilities for packages: nacos-docker, nacos...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
Rows per page
Query Builder