Lucene search
K

9845 matches found

CVE
CVE
added 2026/06/12 9:0 p.m.125 views

CVE-2026-46716

Nezha Monitoring (nezhahq/nezha) is affected by CVE-2026-46716: from version 1.4.0 up to just before 2.0.8, a RoleMember can create a cron task with Cover=CronCoverAll and Servers=[]; on every tick, the dashboard fans out the command to all servers in the global ServerShared map, including other ...

9.9CVSS5.4AI score0.00339EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 8:56 p.m.34 views

CVE-2026-47268 Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:56 p.m.8 views

CVE-2026-47268 Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS5.4AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:56 p.m.29 views

CVE-2026-47268

Affected software/vector: Nezha Monitoring DDNS webhook feature (Nezha dashboard) in versions 0.20.0–

6.4CVSS5.4AI score0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-49002

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 2.0.14 through 2.0.99 Description Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. Recommendations Update to version 2.1.0...

6.5CVSS5.2AI score0.00282EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.22 views

PT-2026-49001

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions prior to 2.0.13 Description The dashboard's NoRoute handler contains a flaw in the fallbackToFrontend function. The system uses strings.HasPrefix to identify admin-frontend asset requests by checking if a URL starts...

9.1CVSS5.2AI score0.00451EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-45550

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS5.7AI score0.00196EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/11 7:7 a.m.105 views

CVEAlertor

CVEAlertor Get an instant Telegram alert the moment a new C...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/11 6:49 a.m.11 views

MAL-2026-5615 Malicious code in sysau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...

6AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.9 views

Falco 0.44.1

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...

5.3AI score
Exploits0
Virtuozzo
Virtuozzo
added 2026/06/11 12:0 a.m.23 views

Virtuozzo Infrastructure 7.3 Update 1 Hotfix 1 (7.3.1-60)

This update provides security and stability fixes. Vulnerability id: VSTOR-123887 Stale S3 lifecycle timestamps could cause objects to expire at incorrect times. Vulnerability id: VSTOR-127098 The Keystone service could fail to restart after log rotation. Vulnerability id: VSTOR-129336 A stabilit...

10CVSS6.5AI score0.96267EPSS
Exploits281
NVD
NVD
added 2026/06/10 3:16 p.m.20 views

CVE-2026-45550

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 2:0 p.m.38 views

CVE-2026-45550 Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:0 p.m.8 views

CVE-2026-45550 Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS5.7AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:0 p.m.12 views

EUVD-2026-36037

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS5.7AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:0 p.m.22 views

CVE-2026-45550

Roxy-WI exposes an IDOR on PUT /smon/check in versions ≤ 8.2.6.4. The flaw gates only on roxywi_common.check_user_group_for_flask(), validating the caller has some group rather than that the target check_id belongs to it. Downstream update_smon, update_smonHttp, update_smonTcp, update_smonPing, a...

9.1CVSS5.8AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the PUT /smon/check endpoint, which only verifies that the caller belongs to a certain group...

9.1CVSS5.3AI score0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 6:9 p.m.40 views

CVE-2026-10045 CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:5 p.m.29 views

CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability

...

7.8CVSS0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.14 views

EUVD-2026-35576

Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.00286EPSS
Exploits0References1
Rows per page
Query Builder