Product

netapp ontap

24 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-22052
>= 9.12.1
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploi
4.3 MEDIUM
CVE-2026-22050
all versions
ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerabil
4.3 MEDIUM
CVE-2025-1861
all versions
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP re
9.8 CRITICAL
CVE-2025-1736
all versions
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied h
7.3 HIGH
CVE-2025-1734
all versions
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving heade
5.3 MEDIUM
CVE-2025-24928
all versions
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit th
7.8 HIGH
CVE-2024-56171
all versions
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTable
7.8 HIGH
CVE-2025-26465
all versions
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed
6.8 MEDIUM
CVE-2025-0167
all versions
When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the firs
3.4 LOW
CVE-2024-11053
all versions
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the fir
3.4 LOW
CVE-2024-8932
all versions
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() f
9.8 CRITICAL
CVE-2024-39573
all versions
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpect
7.5 HIGH
CVE-2024-38473
all versions
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to b
8.1 HIGH
CVE-2024-38472
all versions
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious request
7.5 HIGH
CVE-2024-36387
all versions
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the
5.4 MEDIUM
CVE-2024-6387
all versions
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to
8.1 HIGH
CVE-2024-27316
all versions
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 respo
7.5 HIGH
CVE-2024-24795
all versions
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers in
6.3 MEDIUM
CVE-2023-38709
all versions
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
7.3 HIGH
CVE-2024-2004
all versions
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remai
3.5 LOW
CVE-2024-28757
all versions
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_Exter
7.5 HIGH
CVE-2023-4408
all versions
The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause proble
7.5 HIGH
CVE-2023-27317
all versions
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2
4.3 MEDIUM
CVE-2023-27536
all versions
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously establishe
5.9 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin