netapp
2,510 tracked vulnerabilities.
CVE-2026-22051
LOW
NetApp StorageGRID (formerly StorageGRID Webscale) < 11.9.0.13 - Information Disclosure
Apr 20, 2026
EPSS 0.00
CVE-2026-22052
MEDIUM
NetApp ONTAP >= 9.12.1 - Authenticated Information Disclosure via S3 NAS Bucket Directory Listing
Mar 05, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-22048
HIGH
NetApp StorageGRID < 11.9.0.12 and 12.0.0.4 - Entra ID SSO Server-Side Request Forgery
Feb 18, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-22050
MEDIUM
NetApp ONTAP 9.16.1-9.16.1P8 & 9.17.1-9.17.1P1 - Auth Bypass via Snapshot Expiry Manipulation
Jan 12, 2026
CVSS 4.3
EPSS 0.00
CVE-2025-26517
MEDIUM
StorageGRID < 11.8.0.15 - Authenticated Privilege Escalation
Sep 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-26516
MEDIUM
StorageGRID < 11.8.0.15 - Unauthenticated Denial of Service
Sep 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-26515
HIGH
StorageGRID < 11.8.0.15 - Unauthenticated Server-Side Request Forgery
Sep 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26514
MEDIUM
StorageGRID < 11.8.0.15 - Reflected Cross-Site Scripting
Sep 19, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-26513
HIGH
NetApp SAN Host Utilities < 8.0 - Local Privilege Escalation via Installer
Aug 07, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-27820
HIGH
Apache HttpClient 5.4-5.4.2 - Improper Certificate Validation in PSL Domain Check Logic
Apr 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-30722
MEDIUM
Oracle MySQL <9.2.0 - Unauthorized Access
Apr 15, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-30691
MEDIUM
Oracle GraalVM for JDK 21.0.6 and 24 - Unauthenticated Improper Access Control via Compiler APIs
Apr 15, 2025
CVSS 4.8
EPSS 0.01
CVE-2025-21583
MEDIUM
MySQL Server 8.4.0 and 9.0.0 - Denial of Service in Server: DDL
Apr 15, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-31672
MEDIUM
Apache POI < 5.4.0 - Improper Input Validation in OOXML File Parsing
Apr 09, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-1861
CRITICAL
PHP <8.1.32, <8.2.28, <8.3.19, <8.4.5 - Info Disclosure
Mar 30, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-1736
HIGH
PHP 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 - Improper Input Validation in Header Handling
Mar 30, 2025
CVSS 7.3
EPSS 0.01
CVE-2025-1734
MEDIUM
PHP 8.1.0-8.1.31, 8.2.0-8.2.27, 8.3.0-8.3.18, 8.4.0-8.4.4 - Improper Input Validation in HTTP Header Parsing
Mar 30, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-26512
CRITICAL
SnapCenter < 6.0.1P1 and < 6.1P1 - Authenticated Privilege Escalation to Admin via Plug-in
Mar 24, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-29768
MEDIUM
Vim < 9.1.1198 - Data Loss via Crafted Zip File in zip.vim
Mar 13, 2025
CVSS 4.4
EPSS 0.00
CVE-2025-25292
CRITICAL
ruby-saml <1.12.4,1.18.0 - Auth Bypass
Mar 12, 2025
CVSS 9.8
EPSS 0.04
CVE-2025-25291
CRITICAL
NUCLEI
ruby-saml <1.12.4,1.18.0 - Auth Bypass
Mar 12, 2025
CVSS 9.8
EPSS 0.21
CVE-2025-24813
CRITICAL
KEV NUCLEI
Tomcat Partial PUT Java Deserialization
Mar 10, 2025
CVSS 9.8
EPSS 0.94
CVE-2025-27423
HIGH
Vim 9.1.0858-9.1.1163 - Command Injection via tar.vim Plugin
Mar 03, 2025
CVSS 7.1
EPSS 0.02
CVE-2025-24928
HIGH
libxml2 <2.12.10 & 2.13.x <2.13.6 - Buffer Overflow
Feb 18, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-26603
MEDIUM
Vim < 9.1.1115 - Use-After-Free via :display Command Redirection
Feb 18, 2025
CVSS 4.2
EPSS 0.00
Products
oncommand_insight 971
active_iq_unified_manager 848
oncommand_workflow_automation 743
snapcenter 575
cloud_backup 345
h700s_firmware 289
h300s_firmware 288
h410s_firmware 288
h500s_firmware 288
e-series_santricity_os_controller 242
h410c_firmware 236
steelstore_cloud_integrated_storage 211
solidfire 192
clustered_data_ontap 187
hci_management_node 182
snapmanager 180
ontap_select_deploy_administration_utility 179
oncommand_unified_manager 169
h700e_firmware 149
h300e_firmware 148
h500e_firmware 148
e-series_santricity_storage_manager 140
storage_automation_store 113
solidfire_\&_hci_management_node 103
element_software 100
e-series_santricity_web_services 99
oncommand_balance 83
santricity_unified_manager 77
7-mode_transition_tool 75
oncommand_performance_manager 73