Lucene search
K

9839 matches found

Cvelist
Cvelist
added 2026/06/12 9:3 p.m.31 views

CVE-2026-49396 Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14...

7.1CVSS0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:3 p.m.6 views

CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:3 p.m.10 views

EUVD-2026-36595

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.28 views

CVE-2026-48119 Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12...

7.1CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:3 p.m.62 views

CVE-2026-48119

CVE-2026-48119 (Nezha Monitoring) involves authenticated agents forging service-monitor results for other users’ services in versions 0.20.0 through pre-2.0.12. The vulnerability arises from the service-monitor worker not verifying that the reporter server and service ownership align with the rep...

7.1CVSS5.2AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:3 p.m.8 views

CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

6.5CVSS5.2AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:3 p.m.9 views

EUVD-2026-36594

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

6.5CVSS5.2AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:3 p.m.24 views

CVE-2026-47124

CVE-2026-47124 (Nezha Monitoring) : In versions 1.4.0 through before 2.0.9, any authenticated non-admin user can connect to the server-status WebSocket and receive telemetry for all servers, including those owned by other users. The WebSocket stream bypasses per-server HasPermission checks, retur...

6.5CVSS5.2AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:3 p.m.27 views

CVE-2026-47124 Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users...

6.5CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:2 p.m.25 views

CVE-2026-47120

CVE-2026-47120 affects Nezha Monitoring: from v1.4.0 to before v2.0.8, a RoleMember can trigger other users’ cron tasks via AlertRule.FailTriggerTasks without ownership checks, enabling admin cron commands to run on all servers. The issue is resolved in v2.0.8. Exploitation details in connected s...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.7 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:2 p.m.10 views

EUVD-2026-36593

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 9:2 p.m.29 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.13 views

CVE-2026-46717 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS5.2AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:2 p.m.9 views

EUVD-2026-36592

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS5.2AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:0 p.m.122 views

CVE-2026-46716

Nezha Monitoring (nezhahq/nezha) is affected by CVE-2026-46716: from version 1.4.0 up to just before 2.0.8, a RoleMember can create a cron task with Cover=CronCoverAll and Servers=[]; on every tick, the dashboard fans out the command to all servers in the global ServerShared map, including other ...

9.9CVSS5.4AI score0.00339EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 9:0 p.m.26 views

CVE-2026-46716 Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

9.9CVSS0.00339EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:0 p.m.13 views

CVE-2026-46716 Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

9.9CVSS5.4AI score0.00339EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/12 9:0 p.m.8 views

EUVD-2026-36591

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers= and an arbitrary Command. At every tick of the scheduler, the dashboard...

9.9CVSS5.4AI score0.00339EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 8:56 p.m.32 views

CVE-2026-47268 Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request...

6.4CVSS0.00182EPSS
Exploits0References1
Rows per page
Query Builder