10 matches found
GHSA-VRMH-5MMX-HJWX Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data. CWE: CWE-285 Improper Authorization via CWE-200 Exposure of Sensitive Information to an Unauthorized Actor and CWE-863 Incorrect Authorization — inconsistent gating across data-reader...
Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data. CWE: CWE-285 Improper Authorization via CWE-200 Exposure of Sensitive Information to an Unauthorized Actor and CWE-863 Incorrect Authorization — inconsistent gating across data-reader...
PT-2026-48482
Name of the Vulnerable Software and Affected Versions: Nezha Monitoring versions 2.0.0 through 2.0.13. Description: Private services configured with `EnableShowInService: false` are enumerable, leading to the leak of service names and timing data. While the main service-listing endpoint correctly...
OTRS Security Vulnerabilities
OTRS is a service management software application from the German company OTRS. A security vulnerability exists in OTRS and OTRS Community Edition that stems from a path traversal vulnerability in the file upload functionality that allows an authenticated user to upload potentially...
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol implementation of the Cisco Identity Services Engine (ISE) allows an attacker to cause service interruptions.
The vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol implementation of the Cisco Identity Services Engine (ISE) is related to errors in processing requests. Exploiting this vulnerability allows a malicious actor to cause a denial of service by sending a specially crafte...
Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Trend Micro Apex One Security Agent Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
A vulnerability in the FFmpeg multimedia library in the Debian GNU/Linux operating system allows an attacker to trigger a denial of service or execute arbitrary code.
The vulnerability in the FFmpeg multimedia library in the Debian GNU/Linux operating system is related to insufficient testing of input data. Exploiting this vulnerability could allow an attacker to trigger a denial of service or execute arbitrary code...
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol implementation of the Cisco Identity Services Engine (ISE) allows an attacker to cause service interruptions.
The vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol implementation of the Cisco Identity Services Engine (ISE) is related to incorrect processing of RADIUS requests. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Defrauding the US Military: $379 million lost in 5 years to scams
By Sudais Asif. The most successful scams targeting both in-service and retired US military veterans were... This is a post from HackRead.com. Read the original post: Defrauding the US Military: $379 million lost in 5 years to scams...