| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34203 | Nautobot: Management of users via REST API does not apply configured password validators | nautobot | nautobot | Low | 2.7 | 2026-03-31 19:27:30 | Deep Dive |
| CVE-2025-62607 | Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL | nautobot | nautobot-app-ssot | Medium | 5.3 | 2025-10-22 15:40:46 | Deep Dive |
| CVE-2025-49143 | Nautobot may allow uploaded media files to be accessible without authentication | nautobot | nautobot | - | - | 2025-06-10 15:43:59 | Deep Dive |
| CVE-2025-49142 | Nautobot vulnerable to secrets exposure and data manipulation through Jinja2 templating | nautobot | nautobot | - | - | 2025-06-10 15:40:21 | Deep Dive |
| CVE-2024-36112 | Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects | nautobot | nautobot | Medium | 6.3 | 2024-05-28 22:26:12 | Deep Dive |
| CVE-2024-34707 | Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages | nautobot | nautobot | High | 7.5 | 2024-05-13 19:22:41 | Deep Dive |
| CVE-2024-32979 | Reflected Cross-site Scripting potential in all object list views in Nautobot | nautobot | nautobot | High | 7.5 | 2024-05-01 10:49:57 | Deep Dive |
| CVE-2024-29199 | Unauthenticated views may expose information to anonymous users | nautobot | nautobot | Low | 3.7 | 2024-03-26 03:08:22 | Deep Dive |
| CVE-2024-23345 | Nautobot has XSS potential in rendered Markdown fields | nautobot | nautobot | High | 7.1 | 2024-01-22 23:14:53 | Deep Dive |
| CVE-2023-51649 | Nautobot missing object-level permissions enforcement when running Job Buttons | nautobot | nautobot | Low | 3.5 | 2023-12-22 16:48:20 | Deep Dive |
| CVE-2023-50263 | Nautobot allows unauthenticated db-file-storage views | nautobot | nautobot | Low | 3.7 | 2023-12-12 22:17:01 | Deep Dive |
| CVE-2023-48705 | Nautobot has XSS potential in custom links, job buttons, and computed fields | nautobot | nautobot | High | 7.1 | 2023-11-22 15:15:06 | Deep Dive |
| CVE-2023-48700 | Clear Text Credentials Exposed via Onboarding Task | nautobot | nautobot-plugin-device-onboarding | Medium | 5.7 | 2023-11-21 22:30:58 | Deep Dive |
| CVE-2023-46128 | Exposure of hashed user passwords via REST API in Nautobot | nautobot | nautobot | Medium | 6.5 | 2023-10-24 14:17:53 | Deep Dive |
| CVE-2023-25657 | Remote code execution in Jinja2 template rendering in Nautobot | nautobot | nautobot | High | 7.5 | 2023-02-21 20:51:40 | Deep Dive |