VulnSea
CVE-2026-49397 — Nezha's private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data · VulnSea