28 matches found
CVE-2026-46716
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...
CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...
CVE-2026-46716 Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...
CVE-2026-46716
Nezha Monitoring (nezhahq/nezha) is affected by CVE-2026-46716: from version 1.4.0 up to just before 2.0.8, a RoleMember can create a cron task with Cover=CronCoverAll and Servers=[]; on every tick, the dashboard fans out the command to all servers in the global ServerShared map, including other ...
CVE-2026-46716 Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...
CVE-2026-41236
Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...
CVE-2026-41236
Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...
PT-2026-44907
Name of the Vulnerable Software and Affected Versions Froxlor version 2.3.6 Description A symlink-following flaw exists in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorized keys within a customer-controlled home...
PT-2026-42859
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description An authenticated user with RoleMember privileges can trigger cron tasks belonging to other users, including administrators. This occurs because the system fails to verify the ownership ...
CVE-2020-37153
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...
CVE-2020-37153 ASTPP VoIP 4.0.1 - Remote Code Execution
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...
CVE-2020-37153 ASTPP VoIP 4.0.1 - Remote Code Execution
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...
EUVD-2025-31434
Malicious code in bioql PyPI...
CVE-2025-11071
A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admincron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The...
CVE-2025-11071
A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admincron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The...
CVE-2025-11071 SeaCMS Cron Task Management admin_cron.php sql injection
A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admincron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The...
CVE-2025-11071
SeaCMS 13.3.20250820 is affected by a SQL injection in the Cron Task Management module via /admin_cron.php, caused by manipulation of the resourcefrom/collectID parameter. The vulnerability can be triggered remotely and exploited after the public disclosure of the exploit. The provided documents ...
PT-2025-39736
Name of the Vulnerable Software and Affected Versions SeaCMS version 13.3.20250820 Description A security issue exists in SeaCMS 13.3.20250820 related to the Cron Task Management Module. The issue involves SQL injection triggered by manipulating the collectID argument within the /admin cron.php...
UBUNTU-CVE-2023-38056
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...
PT-2023-26267 · Otrs +1 · Otrs +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44 OTRS versions 8.0.X through 8.0.34 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to improper neutralization of commands allowed to be executed via OTRS System...