3 matches found
PT-2026-42871
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description An authorization bypass allows users with the RoleMember role to execute arbitrary commands on all servers monitored by the dashboard, including those belonging to other tenants or...
AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Summary The plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel names, user IDs, ad campaign names, and impression/click counts. The HTML...
GHSA-J36M-74G2-7M95 AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Summary The plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel names, user IDs, ad campaign names, and impression/click counts. The HTML...