VulniPulse uses Google Ads measurement to understand visits from advertisements and campaign performance. It runs cookie-free until you choose — accepting enables cookies for more accurate attribution. Rejecting keeps it cookie-free and never limits the site.
See exactly what is measuredComplete feed
Critical/high still unreviewed, or CISA KEV listed
Multiple NetApp products incorporate Golang. Golang versions prior to 1.25.10 and 1.26.0 prior to 1.26.3 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Astra Control Center, Trident Protect. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Spring Boot. Spring Boot versions 4.0.0 through 4.0.5, 3.5.0 through 3.5.13, 3.4.0 through 3.4.15, 3.3.0 through 3.3.18, and 2.7.0 through 2.7.32 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). <br><br> OnCommand Insight:<br> Affected only by CVE-2026-40975. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Apache Tomcat. Apache Tomcat versions 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, and 9.0.0.M1 through 9.0.117 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Linux kernel. Certain versions of Linux kernel are susceptible to a local privilege escalation vulnerability referred to as Fragnesia that could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Libcurl. Libcurl versions 7.71.0 through 8.19.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: NetApp HCI Baseboard Management Controller (BMC) - H610S. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Libcurl. Libcurl versions 7.40.0 through 8.19.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Affected products: NetApp HCI Baseboard Management Controller (BMC) - H610S. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Libcurl. Libcurl versions 7.14.0 through 8.19.0 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. Successful exploitation of this vulnerability could lead to disclosure of sensitive information. Affected products: NetApp HCI Baseboard Management Controller (BMC) - H610S. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Linux kernel. Linux kernel versions 5.7-rc1 through 6.6.30, 6.7-rc1 through 6.8.9 and 6.9-rc1 through 6.9-rc7 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Linux kernel. Linux kernel versions 5.3-rc7 through 6.18.28, 6.19-rc1 through 7.0.5 and 7.1-rc1 through 7.1-rc2 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). This CVE is part of the Dirty Frag vulnerability class. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate MySQL. MySQL versions 8.0.0 through 8.0.45, 8.4.0 through 8.4.8, and 9.0.0 through 9.6.0 are susceptible to a vulnerability that could allow unauthenticated attacker with logon to the infrastructure, unauthorized creation, deletion or modification access to critical data or complete access to all MySQL Server accessible data, unauthenticated attacker or low or high privileged attacker with network access via multiple protocols to compromise MySQL Server. Refer to “Oracle Critical Patch Update Advisory - April 2026” for additional details. MySQL versions 8.0.0 through 8.0.45, 8.4.0 through 8.4.8, and 9.0.0 through 9.6.0 are susceptible to a vulnerability that could allow an attacker to create, delete, or modify critical data, or potentially gain full access to all data accessible by the MySQL Server. Successful attacks of this vulnerability can result in takeover, unauthorized read access to a subset of MySQL Server accessible data, and cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. <br><br> Active IQ Unified Manager for Microsoft Windows: <br> Not affected by CVE-2026-34276 or CVE-2026-34271. <br> Active IQ Unified Manager for VMware vSphere: <br> Not affected by CVE-2026-34270, CVE-2026-34276, CVE-2025-14017 or CVE-2026-34271. <br> SnapCenter: <br> Not affected by CVE-2025-15467.
Multiple NetApp products incorporate Axios. Axios versions prior to 1.15.0 and 0.31.0 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: NetApp Shift Toolkit, Storage Manager for ProxMox. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Libcurl. Libcurl versions 8.13.0 prior to 8.19.0 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: ONTAP 9. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate the Oracle Java Platform, Standard Edition (Java SE). Java SE versions 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, and 25.0.1 are susceptible to vulnerabilities that could allow an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Refer to “Oracle Critical Patch Update Advisory - January 2026” for additional details. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data, unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data, and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE. <br><br> OnCommand Insight:<br> Affected by only CVE-2026-21925 and CVE-2026-21933. <br> Data Infrastructure Insights Storage Workload Security Agent:<br> Affected by only CVE-2026-21933. Affected products: Active IQ Unified Manager for VMware vSphere, Data Infrastructure Insights and Data Secure Storage Workload Security Agent, NetApp Console Agent, OnCommand Insight. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status.
Multiple NetApp products incorporate MySQL. MySQL versions 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0 are susceptible to a vulnerability that could allow unauthenticated, high and low privileged attackers with network access via multiple protocols to compromise MySQL Server. Refer to “Oracle Critical Patch Update Advisory - January 2026” for additional details. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. Affected products: Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere, OnCommand Insight, SnapCenter.
Multiple NetApp products incorporate Oracle Java Platform, Standard Edition (Java SE). Java SE versions 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, and 25 are susceptible to vulnerabilities that when successfully exploited could allow unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Refer to “Oracle Critical Patch Update Advisory - October 2025” for additional details. Successful attacks of these vulnerabilities can result in unauthorized creation, deletion, modification, or access to critical data or complete access to all Oracle Java SE accessible data. Affected products: Active IQ Unified Manager for VMware vSphere, Brocade SAN Navigator (SANnav), E-Series SANtricity Unified Manager and Web Services Proxy, OnCommand Insight, SANtricity Storage Plugin for vCenter. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Pypi/Setuptools. Pypi/Setuptools versions through 69.1.1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux, Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Apache Netty. Apache Netty versions prior to 4.2.4.Final and prior to 4.1.124.Final are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS). Successful exploitation of this vulnerability could lead to Denial of Service (DoS). Affected products: Active IQ Unified Manager for Linux. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate the Oracle Java Platform, Standard Edition (Java SE). Java SE versions 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1 are susceptible to vulnerabilities which when successfully exploited could allow an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Refer to “Oracle Critical Patch Update Advisory - July 2025” for additional details. Successful attacks of this vulnerability can result in takeover of Oracle Java SE or unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as unauthorized read access to a subset of Oracle Java SE accessible data. Affected products: Active IQ Unified Manager for VMware vSphere. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate Python. Certain versions of Python are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for Microsoft Windows, Active IQ Unified Manager for VMware vSphere. NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.
Multiple NetApp products incorporate GNU C Library. GNU C Library versions 2.27 through 2.38 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Affected products: Active IQ Unified Manager for VMware vSphere, Brocade Fabric Operating System Firmware, NetApp HCI Baseboard Management Controller (BMC) - H610S, NetApp HCI Compute Node (Bootstrap OS). NetApp reports that one or more additional products remain under investigation; review the canonical advisory for current status. NetApp states there is no workaround available at this time.