Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

30 New today
62,201 Total advisories
Live Monitoring

Daily Security Trends (Last 14 Days)

417
Jun 1
295
Jun 2
151
Jun 3
354
Jun 4
517
Jun 5
109
Jun 6
32
Jun 7
255
Jun 8
658
Jun 9
351
Jun 10
245
Jun 11
336
Jun 12
60
Jun 13
Jun 14
Critical
High
Medium
Low
Latest
CVE CVSS 6.4

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user’s DDNS profile context_CVE-2026-53521

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS pr...

CVE-2026-53521 nezhahq nezha >= 2.0.14, < 2.1.0
Read analysis

Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-53520

Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing_CVE-2026-53520

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authen...

nezhahq nezha >= 2.0.14, < 2.1.0 CVE
CRITICAL 9.1 CVE-2026-53519

Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key_CVE-2026-53519

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the ...

nezhahq nezha < 2.0.13 CVE
MEDIUM 5.3 CVE-2026-49397

Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data_CVE-2026-49397

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, privat...

nezhahq nezha >= 2.0.0, < 2.0.14 CVE
HIGH 7.1 CVE-2026-49396

Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim’s agents_CVE-2026-49396

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-...

nezhahq nezha >= 1.0.0, < 2.0.14 CVE
HIGH 7.1 CVE-2026-48119

Nezha Monitoring: Authenticated agents can forge service-monitor results for other users’ services_CVE-2026-48119

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authe...

nezhahq nezha >= 0.20.0, < 2.0.12 CVE
MEDIUM 6.4 CVE-2026-47268

Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host_CVE-2026-47268

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an au...

nezhahq nezha >= 0.20.0, < 2.0.10 CVE
MEDIUM 6.5 CVE-2026-47124

Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members_CVE-2026-47124

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.9, any aut...

nezhahq nezha >= 1.4.0, < 2.0.9 CVE
HIGH 7.1 CVE-2026-47120

Nezha Monitoring: RoleMember can fire other users’ cron tasks via AlertRule.FailTriggerTasks (no ownership check)_CVE-2026-47120

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleM...

nezhahq nezha >= 1.4.0, < 2.0.8 CVE
HIGH 7.7 CVE-2026-46717

Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification_CVE-2026-46717

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's...

nezhahq nezha >= 1.4.0, < 2.0.8 CVE