CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

EUVD-2026-36594

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

CVE-2026-47124

CVE-2026-47124 (Nezha Monitoring) : In versions 1.4.0 through before 2.0.9, any authenticated non-admin user can connect to the server-status WebSocket and receive telemetry for all servers, including those owned by other users. The WebSocket stream bypasses per-server HasPermission checks, retur...

GHSA-HVV7-HFRH-7GXJ Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user ...

K000148488: MySQL vulnerabilities CVE-2024-21243 and CVE-2024-21237

Security Advisory Description CVE-2024-21243 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Telemetry. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access...

Vulnerability of the MySQL Server component: The Telemetry feature of the MySQL Server management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the MySQL Server component relates to insufficient protection of operational data due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the MySQL network...

UBUNTU-CVE-2024-21243

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Telemetry. Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

Uber: Unsecured Dropwizard Admin Panel on display.uber-adsystem.com exposes sensitive server information

The dropwizard instance running on display.uber-adsystem.com is unsecured, meaning any unauthenticated user can view and use it's admin tools. These tools expose sensitive information on Uber production servers, including the current threads running, info on the CPU, and more server info that...