CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

CVE-2026-47124

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

CVE-2026-46716 Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

CVE-2026-46716

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

GHSA-FP5J-4FJ2-4JVQ Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)

Radius Controller May Delete a Container Resource via an Injected Deployment Annotation Multi-Tenant Installs Summary A configuration-validation issue in the Radius Kubernetes controller can cause it to issue a DELETE for the container resource referenced by a tampered radapp.io/status annotation...

Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)

Radius Controller May Delete a Container Resource via an Injected Deployment Annotation Multi-Tenant Installs Summary A configuration-validation issue in the Radius Kubernetes controller can cause it to issue a DELETE for the container resource referenced by a tampered radapp.io/status annotation...

Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Summary /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders builder.apps set but builder.global unset. The controller th...

CVE-2026-45832

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVE-2026-45832

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

EUVD-2026-36483

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

CVE-2026-45832

CVE-2026-45832 affects the Python project of ChromaDB. All V1 collection-level endpoints pass None for the tenant and database to the authorization layer, which allows attackers to bypass authorization controls when using the V1 endpoints. The reports do not provide any explicit remediation steps...

GHSA-98XF-R82G-9MHX LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

CVE-2026-45831

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

EUVD-2026-36482

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

CVE-2026-45831

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

CVE-2026-45831

The CVE describes a vulnerability in the SimpleRBACAuthorizationProvider of the ChromaDB Python project (versions 0.5.0 and later). The issue is that it evaluates whether a user has a permission without validating the tenant/database/collection scope, enabling cross-tenant actions. This is the un...

CVE-2026-8828

CVE-2026-8828 describes a lack of authorization validation in ChromaDB Rust (version 1.0.0 and later) that allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenant ownership. The core issue is insufficient access control in ...

EUVD-2026-36464

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to...