CVE-2026-47120

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

CVE-2026-47120

CVE-2026-47120 affects Nezha Monitoring: from v1.4.0 to before v2.0.8, a RoleMember can trigger other users’ cron tasks via AlertRule.FailTriggerTasks without ownership checks, enabling admin cron commands to run on all servers. The issue is resolved in v2.0.8. Exploitation details in connected s...

EUVD-2026-36593

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

GHSA-RXF6-WJH4-JFJ6 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

PT-2026-42871

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description An authorization bypass allows users with the RoleMember role to execute arbitrary commands on all servers monitored by the dashboard, including those belonging to other tenants or...

CVE-2020-37153

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

ASTPP 跨站脚本漏洞

ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting and command injection vulnerabilities in the SIP device configuration and plugin management...

PT-2026-7669

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

Exploit for Improper Privilege Management in Centreon

CVE-2019-19699 Centreon =\ After logging in we navi...

OpenBSD Local Root Compromise

ZOOM International Security Advisory OpenBSD local root compromise Systems affected: OpenBSD all version, OpenBSD Current prior April 8, 2002 Risk: High Date: April 11, 2002 Legal Notice: This advisory is copyright c ZOOM International. Disclaimer: Information contained in this advisory are...