Lucene search
K

5 matches found

NVD
NVD
added 2026/06/12 10:16 p.m.11 views

CVE-2026-49397

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version...

5.3CVSS0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 9:3 p.m.9 views

EUVD-2026-36597

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version...

5.3CVSS5.2AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 9:3 p.m.23 views

CVE-2026-49397

CVE-2026-49397 affects Nezha Monitoring (2.x). Private services (EnableShowInService: false) are leaked via per-server endpoints and service history endpoints due to inconsistent filtering: CopyStats() hides private services in the public listing, but Get/GetSortedList() and endpoints like GET /a...

5.3CVSS5.2AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 1:39 p.m.6 views

GHSA-VRMH-5MMX-HJWX Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data

Private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data CWE: CWE-285 Improper Authorization via CWE-200 Exposure of Sensitive Information to an Unauthorized Actor and CWE-863 Incorrect Authorization — inconsistent gating across data-reader...

5.3CVSS5.7AI score0.00253EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 1:39 p.m.12 views

Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data

Private services EnableShowInService: false are enumerable via per-server endpoints, leaking name and timing data CWE: CWE-285 Improper Authorization via CWE-200 Exposure of Sensitive Information to an Unauthorized Actor and CWE-863 Incorrect Authorization — inconsistent gating across data-reader...

5.3CVSS5.7AI score0.00253EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder