Vulnerabilities in nezhahq

13 results

CVE ID         | Severity | Title                                                                                                                       | EPSS
CVE-2026-53519 | CRITICAL | Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key                              | 0.5%
CVE-2026-46716 | CRITICAL | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron                           | 0.3%
CVE-2026-53522 | MEDIUM   | Nezha Monitoring: Unbounded WebSocket streams allow resource-exhaustion DoS                                                  | 0.3%
CVE-2026-53520 | MEDIUM   | Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing              | 0.3%
CVE-2026-47124 | MEDIUM   | Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members                               | 0.3%
CVE-2026-46717 | HIGH     | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification                  | 0.3%
CVE-2026-48119 | HIGH     | Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services                           | 0.3%
CVE-2026-47120 | HIGH     | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)             | 0.3%
CVE-2026-49397 | MEDIUM   | Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data | 0.3%
CVE-2026-53523 | MEDIUM   | Nezha Monitoring: OAuth2 redirect URL is built from the Host header (Host header injection)                                  | 0.2%
CVE-2026-53521 | MEDIUM   | Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context                | 0.2%
CVE-2026-47268 | MEDIUM   | Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host                          | 0.2%
CVE-2026-49396 | HIGH     | Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents                                | 0.1%