Every CVE whose affected-product data names Netapp Ontap, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2025-1861 — CVSS 9.8 (critical): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in…
CVE-2024-8932 — CVSS 9.8 (critical): In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on…
CVE-2024-6387 — CVSS 8.1 (high): A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle…
CVE-2024-38473 — CVSS 8.1 (high): Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend…
CVE-2024-56171 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in…
CVE-2025-24928 — CVSS 7.8 (high): libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD…
CVE-2024-39573 — CVSS 7.5 (high): Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly…
CVE-2024-27316 — CVSS 7.5 (high): HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a…
CVE-2024-28757 — CVSS 7.5 (high): libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via…
CVE-2023-4408 — CVSS 7.5 (high): The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for…
CVE-2024-38472 — CVSS 7.5 (high): SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or…
CVE-2023-38709 — CVSS 7.3 (high): Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This…
CVE-2025-1736 — CVSS 7.3 (high): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers…
CVE-2025-26465 — CVSS 6.8 (medium): A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a…
CVE-2024-24795 — CVSS 6.3 (medium): HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into…
CVE-2023-27536 — CVSS 5.9 (medium): An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established…
CVE-2024-36387 — CVSS 5.4 (medium): Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server…
CVE-2025-1734 — CVSS 5.3 (medium): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from…
CVE-2026-22052 — CVSS 4.3 (medium): ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could…
CVE-2026-22050 — CVSS 4.3 (medium): ONTAP versions 9.16.1 prior to 9.16.1P9 and 9.17.1 prior to 9.17.1P2 with snapshot locking enabled are susceptible to a vulnerability which…
CVE-2023-27317 — CVSS 4.3 (medium): ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to…
CVE-2024-2004 — CVSS 3.5 (low): When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the…
CVE-2024-11053 — CVSS 3.4 (low): When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host…
CVE-2025-0167 — CVSS 3.4 (low): When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to…