CVE-2026-27728
- EPSS 0.37%
- Published 25.02.2026 16:25:09
- Last modified 02.03.2026 18:56:30
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating syste...
CVE-2026-27574
- EPSS 0.06%
- Published 21.02.2026 10:13:03
- Last modified 23.02.2026 20:36:09
OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, the custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, allo...
CVE-2025-66028
- EPSS 0.06%
- Published 26.11.2025 18:11:49
- Last modified 05.12.2025 13:57:23
OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege escalation via Login Response Manipulation. During the login process, the server response included a parameter called...
CVE-2025-65966
- EPSS 0.06%
- Published 26.11.2025 18:10:16
- Last modified 05.12.2025 14:05:09
OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in...
CVE-2024-29194
- EPSS 0.07%
- Published 24.03.2024 19:15:07
- Last modified 05.12.2025 19:56:24
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the br...