📦 Nautobot

This vulnerability in Nautobot allows malicious users to exploit Jinja2 templating features to expose secret values or modify data without proper permissions. All users of Nautobot versions before 1.6...

CVE-2024-32979 is a reflected cross-site scripting vulnerability in Nautobot's filterable object-list views. Attackers can craft malicious URLs that execute arbitrary JavaScript in victims' browsers w...

Nautobot versions before 1.6.6 and 2.0.5 contain a stored cross-site scripting vulnerability in user-authored content rendering. Users with permission to create/edit custom links, job buttons, or comp...

This vulnerability allows users with Dynamic Group viewing permissions to see all member objects within those groups, bypassing normal object-level permission checks. For example, a user could view al...