12 matches found
CVE-2026-33142
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...
CVE-2026-33143
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143 OneUptime: WhatsApp Webhook Missing Signature Verification
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler /notification/whatsapp/webhook processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any...
CVE-2026-33143
CVE-2026-33143 (OneUptime) affects OneUptime prior to version 10.0.34. The WhatsApp POST webhook handler at /notification/whatsapp/webhook processes events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC, enabling unauthenticated attackers to forge webhook payloads. Impact includes m...
OneUptime SQL注入漏洞
OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of column name validation in multiple query...
SQL Injection
Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...
SUSE: Security Advisory (SUSE-SU-2018:0697-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Composr CMS Cross-Site Scripting Vulnerability
Ocproducts Composr CMS is an open source content management system CMS written in PHP by ocProducts UK. Composr CMS 10.0.34 suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to insert arbitrary web script or HTML by adding a banner to the description fie...
Security update for mariadb (important)
This update for mariadb fixes the following issues: MariaDB was updated to 10.0.34 bsc1078431 The following security vulnerabilities are fixed: - CVE-2018-2562: Vulnerability in the MySQL Server subcomponent: Server : Partition. Easily exploitable vulnerability allowed low privileged attacker wit...