Lucene search
K

4 matches found

OSV
OSV
added 2026/06/26 11:2 p.m.6 views

GHSA-39G2-8X68-PMX8 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

Summary PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the contex...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 9:4 p.m.12 views

CVE-2026-53521 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those...

6.4CVSS5.2AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:4 p.m.19 views

CVE-2026-53521

CVE-2026-53521 affects Nezha Monitoring. From versions 2.0.14 up to before 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatc...

6.4CVSS5.3AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-45048

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 0.20.0 through 2.0.9 Description An authenticated user with low privileges can perform a blind Server-Side Request Forgery SSRF by creating or updating a DDNS profile. By configuring a provider webhook with an arbitra...

6.4CVSS5.5AI score0.00182EPSS
Exploits0References7
Rows per page
Query Builder