Vulnerabilities in OneUptime

24 results
CVE-2026-27728 | CRITICAL | OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec() | EPSS 1.7%
CVE-2026-30957 | CRITICAL | OneUptime Synthetic Monitor RCE via exposed Playwright browser object | EPSS 1.2%
CVE-2026-33396 | CRITICAL | OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe | EPSS 0.8%
CVE-2024-29194 | HIGH | OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation | EPSS 0.7%
CVE-2026-32306 | CRITICAL | OneUptime ClickHouse SQL Injection via Aggregate Query Parameters | EPSS 0.6%
CVE-2026-34759 | CRITICAL | OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure | EPSS 0.6%
CVE-2026-35053 | CRITICAL | OneUptime: Unauthenticated Workflow Execution via ManualAPI | EPSS 0.5%
CVE-2026-27574 | CRITICAL | OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE | EPSS 0.5%
CVE-2026-30956 | CRITICAL | OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header | EPSS 0.5%
CVE-2026-30958 | HIGH | OneUptime: Path Traversal — Arbitrary File Read (No Auth) | EPSS 0.5%
CVE-2026-30921 | CRITICAL | OneUptime Synthetic Monitor RCE via exposed Playwright browser object | EPSS 0.4%
CVE-2026-30887 | CRITICAL | OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE | EPSS 0.4%
CVE-2026-30959 | MEDIUM | OneUptime has WhatsApp Resend Verification Authorization Bypass | EPSS 0.4%
CVE-2026-34758 | CRITICAL | OneUptime: Missing Authentication on Notification Endpoints | EPSS 0.3%
CVE-2026-33142 | HIGH | OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters | EPSS 0.3%
CVE-2026-28787 | HIGH | OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay | EPSS 0.3%
CVE-2026-45102 | CRITICAL | OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion | EPSS 0.3%
CVE-2026-34840 | HIGH | OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification | EPSS 0.3%
CVE-2025-65966 | HIGH | OneUptime Unauthorized User Creation via API | EPSS 0.3%
CVE-2025-66028 | MEDIUM | OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation | EPSS 0.3%