These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
Nautobot, a Network Source of Truth and Network Automation Platform, contains a server-side request forgery (SSRF) vulnerability in its Webhook data model. Users with sufficient privileges can configure webhooks to target restricted internal hosts and IP addresses, enabling unauthorized outbound requests. The vulnerability stems from insufficient validation of webhook destination URLs, allowing attackers [truncated]
Nautobot, a Network Source of Truth and Network Automation Platform, contains a denial-of-service vulnerability in its UI object-bulk-rename endpoints (e.g., /dcim/interfaces/rename/). Prior to versions 2.4.33 and 3.1.2, authenticated users with access to these endpoints could trigger application-wide DoS by submitting maliciously crafted regular expressions in the find field when the use_regex flag is en [truncated]
Nautobot, a Network Source of Truth and Network Automation Platform, contains an authorization bypass vulnerability in its REST API. Prior to versions 2.4.33 and 3.1.2, when creating or updating objects that use GenericForeignKey references (a Django pattern allowing polymorphic relationships to multiple content types), the API failed to enforce user 'view' permissions when validating object references. T [truncated]