
11 matches found

OSV
added 2026/05/23 12:8 a.m., 7 views

GHSA-RXF6-WJH4-JFJ6 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary: createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

5.4 CVSS, 5.9 AI score, 0.00261 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/05/23 12:8 a.m., 15 views

Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary: createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

7.1 CVSS, 5.9 AI score, 0.00261 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/05/23 12:0 a.m., 10 views

PT-2026-42859

Name of the Vulnerable Software and Affected Versions: Nezha Monitoring versions 1.4.0 through 2.0.7. Description: An authenticated user with RoleMember privileges can trigger cron tasks belonging to other users, including administrators. This occurs because the system fails to verify the ownership ...

7.1 CVSS, 5.3 AI score, 0.00261 EPSS
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-31434

Malicious code in bioql PyPI...

5.8 CVSS, 5 AI score, 0.00318 EPSS
Exploits: 1, References: 5

RedhatCVE
added 2025/09/28 5:32 p.m., 4 views

CVE-2025-11071

A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to SQL injection. The attack can be initiated remotely. The...

5.8 CVSS, 7 AI score, 0.00318 EPSS
Exploits: 1, References: 1

OSV
added 2025/09/27 6:15 p.m., 3 views

CVE-2025-11071

A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to SQL injection. The attack can be initiated remotely. The...

7.2 CVSS, 5.7 AI score, 0.00318 EPSS
Exploits: 1, References: 4

NVD
added 2025/09/27 6:15 p.m., 4 views

CVE-2025-11071

A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to SQL injection. The attack can be initiated remotely. The...

7.2 CVSS, 0.00318 EPSS
Exploits: 1, References: 4

CVE
added 2025/09/27 5:32 p.m., 12 views

CVE-2025-11071

SeaCMS 13.3.20250820 is affected by a SQL injection in the Cron Task Management module via /admin_cron.php, caused by manipulation of the resourcefrom/collectID parameter. The vulnerability can be triggered remotely and exploited after the public disclosure of the exploit. The provided documents ...

7.2 CVSS, 6.7 AI score, 0.00318 EPSS
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2025/09/27 5:32 p.m., 2 views

CVE-2025-11071 SeaCMS Cron Task Management admin_cron.php sql injection

A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to SQL injection. The attack can be initiated remotely. The...

5.8 CVSS, 6.7 AI score, 0.00318 EPSS
Exploits: 1, References: 4

CNNVD
added 2025/09/27 12:0 a.m., 3 views

SeaCMS SQL injection vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A SQL injection vulnerability exists in SeaCMS version 13.3.20250820, which stems from incorrect manipulation of the parameter...

7.2 CVSS, 5.7 AI score, 0.00318 EPSS
Exploits: 1, References: 5

BDU FSTEC
added 2019/10/01 12:0 a.m., 4 views

The vulnerability of the task scheduler fly-admin-cron in the FLY operating system of Astra Linux allows a perpetrator to access confidential data, compromise its integrity, and cause service failures due to improper handling of registration data.

The vulnerability of the task scheduler fly-admin-cron in the FLY environment of the Astra Linux operating system is related to an incorrect definition of the user performing the task editing operations. Exploiting this vulnerability allows a remote attacker to gain access to confidential data,...

6 CVSS, 5.6 AI score
Exploits: 0, References: 2