Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

38 New today
62,269 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

295
Jun 2
151
Jun 3
354
Jun 4
517
Jun 5
109
Jun 6
32
Jun 7
255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
68
Jun 14
Jun 15
Critical
High
Medium
Low

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-49397

Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data_CVE-2026-49397

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, privat...

nezhahq nezha >= 2.0.0, < 2.0.14 CVE
HIGH 7.1 CVE-2026-49396

Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim’s agents_CVE-2026-49396

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-...

nezhahq nezha >= 1.0.0, < 2.0.14 CVE
HIGH 7.1 CVE-2026-48119

Nezha Monitoring: Authenticated agents can forge service-monitor results for other users’ services_CVE-2026-48119

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authe...

nezhahq nezha >= 0.20.0, < 2.0.12 CVE
MEDIUM 6.4 CVE-2026-47268

Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host_CVE-2026-47268

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an au...

nezhahq nezha >= 0.20.0, < 2.0.10 CVE
MEDIUM 6.5 CVE-2026-47124

Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members_CVE-2026-47124

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any aut...

nezhahq nezha >= 1.4.0, < 2.0.9 CVE
HIGH 7.1 CVE-2026-47120

Nezha Monitoring: RoleMember can fire other users’ cron tasks via AlertRule.FailTriggerTasks (no ownership check)_CVE-2026-47120

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...

nezhahq nezha >= 1.4.0, < 2.0.8 CVE
HIGH 7.7 CVE-2026-46717

Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification_CVE-2026-46717

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's...

nezhahq nezha >= 1.4.0, < 2.0.8 CVE
CRITICAL 9.9 CVE-2026-46716

Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron_CVE-2026-46716

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...

nezhahq nezha >= 1.4.0, < 2.0.8 CVE
MEDIUM 5.3 CVE-2026-12131

CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection_CVE-2026-12131

A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \appl...

CodeAstro Human Resource Management System 1.0 CVE