Lucene search

8 matches found

Github Security Blog
added 2026/05/23 12:8 a.m., 11 views

Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary: createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

5.9 AI score
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/05/23 12:8 a.m., 2 views

GHSA-RXF6-WJH4-JFJ6 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Summary: createAlertRule and createService and their update siblings accept FailTriggerTasks uint64 and RecoverTriggerTasks uint64 — IDs of cron tasks to fire when the alert/service trips. The validation function only validates the alert's Rules.Ignore server map; it never checks that the cron tas...

5.4 CVSS, 5.9 AI score
Exploits: 0, References: 2
Positive Technologies
added 2026/05/23 12:0 a.m., 5 views

PT-2026-42871

Summary: nezha's dashboard supports two user roles: RoleAdmin (Role==0) and RoleMember (Role==1). The cron routes POST /api/v1/cron and PATCH /api/v1/cron/:id are wired through commonHandler (any authenticated user) rather than adminHandler, and the per-server permission check on cron creation has a...

9.9 CVSS, 6 AI score
Exploits: 1, References: 3
OSV
added 2026/02/11 9:16 p.m., 1 views

CVE-2020-37153

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

9.8 CVSS, 6 AI score
Exploits: 0, References: 4
CNNVD
added 2026/02/11 12:0 a.m., 2 views

ASTPP Cross-Site Scripting Vulnerability

ASTPP is a VoIP billing solution developed by Innextrix Technologies Pvt. Ltd. Version 4.0.1 of ASTPP contains a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting and command injection vulnerabilities in the SIP device configuration and plugin management...

9.8 CVSS, 5.9 AI score, 0.00176 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2026/02/11 12:0 a.m., 2 views

PT-2026-7669

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

9.8 CVSS, 5.7 AI score, 0.00176 EPSS
Exploits: 1, References: 5
GithubExploit
added 2020/01/17 5:7 p.m., 126 views

Exploit for Improper Privilege Management in Centreon

CVE-2019-19699 Centreon =\ After logging in we navi...

9 CVSS, 7.5 AI score, 0.38915 EPSS
Exploits: 3
securityvulns
added 2002/04/12 12:0 a.m., 19 views

OpenBSD Local Root Compromise

ZOOM International Security Advisory OpenBSD local root compromise Systems affected: OpenBSD all version, OpenBSD Current prior April 8, 2002 Risk: High Date: April 11, 2002 Legal Notice: This advisory is copyright c ZOOM International. Disclaimer: Information contained in this advisory are...

0.2 AI score
Exploits: 0