CVE-2026-59155: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in nezhahq nezha
Nezha Monitoring versions prior to 2.2.5 expose sensitive third-party API credentials in plaintext via the GET /api/v1/ddns and GET /api/v1/notification endpoints. Authenticated users with specific…
Read the full articleYou might also wanna read

WAF - WAF Release - 2025-05-19
This week's analysis covers four vulnerabilities, with three rated critical due to their Remote Code Execution (RCE) potential. One targets

WAF - WAF Release - 2025-09-29
This week highlights four important vendor- and component-specific issues: an authentication bypass in SimpleHelp (CVE-2024-57727), an infor

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8562
A look at how Kubernetes CVE-2020-8562 allows attackers to bypass API server proxy protections using DNS rebinding
Critical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens
CVE-2026-48558 lets attackers forge OIDC identity tokens to gain fully authenticated technician sessions in SimpleHelp RMM, enabling file tr

WAF - WAF Release - 2025-08-29 - Emergency
This week's update This week, new critical vulnerabilities were disclosed in Next.js’s image optimization functionality, exposing a broad ra

Comments
Sign in to join the conversation.
No comments yet. Be the first.