14 matches found

NVD
added 2026/06/12 10:16 p.m. | 14 views

CVE-2026-53519

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

CVSS 9.1 | EPSS 0.00451
Exploits: 1 | References: 1
Cvelist
added 2026/06/12 9:03 p.m. | 28 views

CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

CVSS 9.1 | EPSS 0.00451
Exploits: 1 | References: 1
Tenable Nessus
added 2026/06/04 12:00 a.m. | 9 views

Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 Multiple Vulnerabilities (ESA-2026-30 / ESA-2026-33 / ESA-2026-34 / ESA-2026-36)

The version of Kibana installed on the remote host is prior to 8.19.16 or 9.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-30, ESA-2026-33, ESA-2026-34, and ESA-2026-36 advisories. - A path traversal vulnerability was identified in Kibana's dashboard...

CVSS 7.3 | AI score 5.5 | EPSS 0.00296
Exploits: 0 | References: 8
NVD
added 2026/05/28 8:16 p.m. | 12 views

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

CVSS 7.3 | EPSS 0.00223
Exploits: 0 | References: 1
OSV
added 2025/11/30 7:15 a.m. | 5 views

CVE-2025-13784

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

CVSS 4.8 | AI score 4.1 | EPSS 0.00235
Exploits: 1 | References: 4
RedhatCVE
added 2025/11/07 10:46 p.m. | 3 views

CVE-2025-64302

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...

CVSS 6.4 | AI score 6.4 | EPSS 0.00199
Exploits: 0 | References: 1
OSV
added 2025/11/06 11:15 p.m. | 3 views

CVE-2025-64302

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...

CVSS 5.4 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 3
NVD
added 2025/11/06 11:15 p.m. | 6 views

CVE-2025-64302

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...

CVSS 6.4 | EPSS 0.00199
Exploits: 0 | References: 3
Cvelist
added 2025/11/06 10:24 p.m. | 4 views

CVE-2025-64302 Advantech DeviceOn/iEdge Cross-site Scripting

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...

CVSS 6.4 | EPSS 0.00199
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/06 10:24 p.m. | 2 views

CVE-2025-64302 Advantech DeviceOn/iEdge Cross-site Scripting

Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation...

CVSS 6.4 | AI score 6 | EPSS 0.00199
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-28849

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 4 | EPSS 0.00319
Exploits: 1 | References: 4
CVE
added 2025/09/01 7:32 p.m. | 19 views

CVE-2025-9792

The CVE-2025-9792 entry describes a SQL injection in itsourcecode Apartment Management System 1.0, via parameter mid in /e_dashboard/e_all_info.php. The vulnerability is usable remotely and reportedly has a publicly disclosed exploit. Connected documents from CNVD/CNNVD/Red Hat/CIRCL/PTSecurity c...

CVSS 9.8 | AI score 7.3 | EPSS 0.00384
Exploits: 1 | References: 5 | Affected Software: 1
CNVD
added 2025/05/22 12:00 a.m. | 1 view

Employee Record System getData.php File SQL Injection Vulnerability

Employee Record System is an employee record system. Employee Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keywords in the file /dashboard/getData.php. An attacker can exploit this...

CVSS 8.8 | AI score 8.3 | EPSS 0.00389
Exploits: 1 | References: 1
OSV
added 2022/07/15 12:15 p.m. | 1 view

CVE-2020-36553

Cross Site Scripting XSS vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Areafoodtype field to /dashboard/menu-list.php...

CVSS 5.4 | AI score 6.1 | EPSS 0.0083
Exploits: 1 | References: 4