3 matches found
CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...
Kibana 8.x < 8.19.16 / 9.0.x < 9.3.5 Multiple Vulnerabilities (ESA-2026-30 / ESA-2026-33 / ESA-2026-34 / ESA-2026-36)
The version of Kibana installed on the remote host is prior to 8.19.16 or 9.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the ESA-2026-30, ESA-2026-33, ESA-2026-34, and ESA-2026-36 advisories. - A path traversal vulnerability was identified in Kibana's dashboard...
CVE-2026-33462
A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...