GHSA-99GV-2M7H-3HH9 Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Summary: nezha's dashboard supports two user roles: RoleAdmin (Role==0) and RoleMember (Role==1). The cron routes POST /api/v1/cron and PATCH /api/v1/cron/:id are wired through commonHandler (any authenticated user) rather than adminHandler, and the per-server permission check on cron creation has a...
CVE-2026-4031 Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception
The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.5.2. This is due to the plugin not restricting access to the wpdbtempdir parameter, which controls where database backups are written. This makes it possible for...
WordPress security vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress 6.1.1 and earlier versions, which stems from the fact that its...
[Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux
DMA2006-1107a - 'OpenBase SQL multiple vulnerabilities Part Deux'
Author: Kevin Finisterre
Vendors: http://www.openbase.com
Product: 'OpenBase SQL =10.0 ?'
References: http://www.digitalmunition.com/DMA2006-1107a.txt
Description: regurgitation warning - this may taste VERY familiar. For over a...