EUVD-2023-45634

Malicious code in bioql PyPI...

CVE-2025-49142

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Impact What kind of vulnerability is it? Who is impacted? All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot: 1. A malicious...

Improper Neutralization of Special Elements Used in a Template Engine

Overview nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to the misconfiguration of the Jinja2 templating feature. An attacker can expose secret values and...

CVE-2025-49142

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

PYSEC-2025-79

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

CVE-2025-49142 Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a...

GHSA-965R-9CG9-G42P Valtimo backend libraries allows objects in the object-api to be accessed and modified by unauthorized users

Impact All objects for which an object-management configuration exists can be listed, viewed, edited, created or deleted by unauthorised users. If object-urls are exposed via other channels, the contents of these objects can be viewed independent of object-management configurations. Attack...

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...

PT-2024-38106

Name of the Vulnerable Software and Affected Versions Pulp affected versions not specified Description A flaw was found in the Pulp package related to role-based access control RBAC objects. When an RBAC object is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin,...

CVE-2023-6239

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions 23.9, 23.10, and 23.11 before 23.11.13168.7, potentially enabling unauthorized access to the object...

Cross-site Scripting potential in custom links, job buttons, and computed fields

Impact All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected. Due to incorrect usage of Django's marksafe API when rendering certain types of user-authored content, including: - custom links - job buttons - computed fields it is possible that users with permission to...

CVE-2023-48705

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...

Cross site scripting

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's marksafe API when rendering certain type...

CVE-2022-29619

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted...

IBM: Insecure Object Permissions for Guest User leads to access to internal documents!

An Insecure Object Permissions vulnerability was reported to IBM, analyzed and have been remediated. Thank you to mocr7...

CVE-2019-9943

In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled...

CVE-2018-8848

Philips e-Alert Unit non-medical device, Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor...

Ubuntu 14.04 LTS : Swift vulnerabilities (USN-2704-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2704-1 advisory. Rajaneesh Singh discovered Swift does not properly enforce metadata limits. An attacker could abuse this issue to store more metadata than allowed by...

Design/Logic Flaw

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...