oneuptime
Enterprise Softwarecommercial
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting oneuptime.
- CVE-2026-45102OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion9.9
- CVE-2026-35053OneUptime: Unauthenticated Workflow Execution via ManualAPI9.8
- CVE-2026-34840OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification8.1
- CVE-2026-34759OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure8.1
- CVE-2026-34758OneUptime: Missing Authentication on Notification Endpoints9.1
- CVE-2026-33396OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe9.9
- CVE-2026-33142OneUptime: ClickHouse SQL Injection via unvalidated column identifiers in sort, select, and groupBy parameters8.1
- CVE-2026-33143OneUptime: WhatsApp Webhook Missing Signature Verification7.5
- CVE-2026-32598OneUptime: Password Reset Token Logged at INFO Level6.5
- CVE-2026-32308OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")7.6
- CVE-2026-32306OneUptime ClickHouse SQL Injection via Aggregate Query Parameters9.9
- CVE-2026-30959OneUptime has WhatsApp Resend Verification Authorization Bypass5.0
- CVE-2026-30958OneUptime: Path Traversal — Arbitrary File Read (No Auth)7.2
- CVE-2026-30957OneUptime Synthetic Monitor RCE via exposed Playwright browser object9.9
- CVE-2026-30956OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header9.9