EUVD-2026-10561

OneUptime has Synthetic Monitor RCE via exposed Playwright browser object...

CVE-2026-30921

OneUptime has a server-side RCE in Synthetic Monitors prior to version 10.0.20: untrusted user-provided Playwright code runs inside the oneuptime-probe VM with live Playwright objects (browser/page) injected, allowing an attacker to call browser.browserType().launch() and spawn arbitrary executab...