2 matches found
CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...
CVE-2023-48732 Keywords that trigger mentions are leaked to other users
Mattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel...