Lucene search
+L

12 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.7 views

CVE-2026-33142

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

9.9CVSS5.9AI score0.00603EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.8 views

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

8.7CVSS5.8AI score0.00182EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 9:17 p.m.9 views

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

8.7CVSS0.00182EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/20 8:5 p.m.9 views

CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

8.7CVSS5.8AI score0.00182EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:5 p.m.5 views

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

8.7CVSS5.8AI score0.00182EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 8:5 p.m.30 views

CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...

8.7CVSS0.00182EPSS
Exploits1References1
CVE
CVE
added 2026/03/20 8:5 p.m.23 views

CVE-2026-33143

CVE-2026-33143 (OneUptime) affects OneUptime prior to version 10.0.34. The WhatsApp POST webhook handler at /notification/whatsapp/webhook processes events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC, enabling unauthenticated attackers to forge webhook payloads. Impact includes m...

8.7CVSS5.8AI score0.00182EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

OneUptime SQL注入漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of column name validation in multiple query...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/18 4:34 p.m.3 views

SQL Injection

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

8.6CVSS6AI score0.00301EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.37 views

SUSE: Security Advisory (SUSE-SU-2018:0697-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.03952EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.7 views

Composr CMS Cross-Site Scripting Vulnerability

Ocproducts Composr CMS is an open source content management system CMS written in PHP by ocProducts UK. Composr CMS 10.0.34 suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to insert arbitrary web script or HTML by adding a banner to the description fie...

5.8AI score
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2018/03/17 6:8 p.m.321 views

Security update for mariadb (important)

This update for mariadb fixes the following issues: MariaDB was updated to 10.0.34 bsc1078431 The following security vulnerabilities are fixed: - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker wit...

7.5CVSS7.1AI score0.03952EPSS
Exploits0References1
Rows per page
Query Builder