4 matches found
CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...
CVE-2025-13765
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...
CVE-2025-13765
CVE-2025-13765 affects Devolutions Server, where email service credentials are exposed to non-administrative users. Public details in connected documents specify affected versions as before 2025.2.21 and before 2025.3.9. The issue’s root cause is credential exposure in the email service, with mul...
CVE-2025-13765
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...