2 matches found
CVE-2026-30957
CVE-2026-30957 / GHSA-JW8Q-GJVG-8W4Q describes a server-side remote code execution in OneUptime’s Synthetic Monitors. The root cause is that untrusted Synthetic Monitor code runs inside Node VM with live Playwright browser/page objects injected into the VM context. Although VMRunner proxies host ...
@oneuptime/cli (>=10.0.10 <=10.0.20) potentially affected by CVE-2026-30957 via @oneuptime/common (>=10.0.10 <=10.0.20)
@oneuptime/common NPM version =10.0.10, =10.0.10, =10.0.20 Source cves: CVE-2026-30957 Source advisory: OSV:GHSA-JW8Q-GJVG-8W4Q...