Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

180 matches found

RedhatCVE
RedhatCVEadded 2026/05/30 2:12 a.m.11 views

CVE-2026-45102

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 8:16 p.m.11 views

CVE-2026-45102

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...

9.9CVSS0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/27 6:50 p.m.9 views

CVE-2026-45102 OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 6:50 p.m.18 views

CVE-2026-45102

CVE-2026-45102 concerns OneUptime, an open-source monitoring platform. Prior to version 10.0.98, OneUptime used Node.js vm module as an isolation primitive, which is not intended for security boundaries and can be escaped via error objects and infinite recursion, potentially enabling remote code ...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 6:50 p.m.43 views

CVE-2026-45102 OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...

9.9CVSS0.00266EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/27 6:50 p.m.9 views

EUVD-2026-32632

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 6:50 p.m.7 views

CVE-2026-45102

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.6 views

PT-2026-44077

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.98 Description OneUptime is an open-source monitoring and observability platform. The software uses the Node.js vm module as an isolation primitive. Because this API was not designed for isolation, it can be...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/27 12:0 a.m.8 views

OneUptime 安全漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.98 contained security vulnerabilities. These vulnerabilities stemmed from the use of the Node.js vm module as an isolation primitive,...

9.9CVSS5.8AI score0.00266EPSS
Exploits0References2
Veracode
Veracodeadded 2026/05/06 5:22 p.m.14 views

Privilege Escalation

@oneuptime/common is vulnerable to privilege escalation. The vulnerability is due to improper validation of the isMasterAdmin parameter in the login response, which allows an attacker to manipulate its value and gain unauthorized access to the admin dashboard...

8.2CVSS5.8AI score0.00259EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/03 11:2 p.m.1 views

CVE-2026-34840

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

8.1CVSS5.9AI score0.00264EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/03 11:2 p.m.3 views

CVE-2026-34758

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...

9.1CVSS5.8AI score0.00348EPSS
Exploits1References1
NVD
NVDadded 2026/04/02 8:16 p.m.0 views

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.8CVSS0.00546EPSS
Exploits1References2
NVD
NVDadded 2026/04/02 8:16 p.m.0 views

CVE-2026-34840

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

8.1CVSS0.00264EPSS
Exploits1References3
NVD
NVDadded 2026/04/02 7:21 p.m.1 views

CVE-2026-34759

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS0.006EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/02 6:55 p.m.17 views

CVE-2026-35053 OneUptime: Unauthenticated Workflow Execution via ManualAPI

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS0.00546EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/02 6:55 p.m.0 views

CVE-2026-35053 OneUptime: Unauthenticated Workflow Execution via ManualAPI

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

9.2CVSS6.2AI score0.00546EPSS
Exploits1References2
CVE
CVEadded 2026/04/02 6:55 p.m.33 views

CVE-2026-35053

OneUptime prior to v10.0.42 exposes unauthenticated access in the Worker service ManualAPI endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId, allowing an attacker who can obtain or guess a workflowId to trigger arbitrary workflow execution with attacker-cont...

9.8CVSS6.2AI score0.00546EPSS
Exploits1References2Affected Software1
EUVD
EUVDadded 2026/04/02 6:52 p.m.2 views

EUVD-2026-18533

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

8.1CVSS5.9AI score0.00264EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/02 6:52 p.m.31 views

CVE-2026-34840 OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

8.1CVSS0.00264EPSS
Exploits1References3
Rows per page
Query Builder