nezhahq Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by nezhahq
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
CVE-2026-53519NezhahqNezha9.1CRITICALNezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents
CVE-2026-49396NezhahqNezha7.1HIGHNezha Monitoring: Authenticated agents can forge service-monitor results for other users' services
CVE-2026-48119NezhahqNezha7.1HIGHNezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
CVE-2026-47120NezhahqNezha7.1HIGHNezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
CVE-2026-46717NezhahqNezha7.7HIGHNezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
CVE-2026-46716NezhahqNezha9.9CRITICAL