Lucene search

K

7 matches found

CVE
CVE
added 2024/01/23 12:15 a.m.190 views

CVE-2024-23345

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support...

7.1CVSS5.1AI score0.00412EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.57 views

CVE-2025-49142

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot, a m...

7.1CVSS6.4AI score0.00041EPSS
CVE
CVE
added 2023/11/22 4:15 p.m.49 views

CVE-2023-48705

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application All users of Nautobot versions earlier than 1.6.6 or 2.0.5 are potentially affected by a cross-site scripting vulnerability. Due to incorrect usage of Django's mark_safe() API when rendering certain typ...

7.1CVSS5.8AI score0.00295EPSS
CVE
CVE
added 2024/05/14 3:39 p.m.49 views

CVE-2024-34707

Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at...

7.5CVSS6.2AI score0.00228EPSS
Web
CVE
CVE
added 2024/03/26 3:15 a.m.46 views

CVE-2024-29199

Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration var...

5.3CVSS4AI score0.00127EPSS
CVE
CVE
added 2023/02/21 9:15 p.m.44 views

CVE-2023-25657

Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the J...

9.8CVSS9.1AI score0.018EPSS
CVE
CVE
added 2025/06/10 4:15 p.m.41 views

CVE-2025-49143

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to v2.4.10 and v1.6.32 , files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint ...

6.3CVSS6.7AI score0.00081EPSS