Lucene search
+L

3 matches found

Vulnrichment
Vulnrichment
added 2026/04/02 6:50 p.m.3 views

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS5.8AI score0.006EPSS
Exploits1References3
CVE
CVE
added 2026/04/02 6:50 p.m.26 views

CVE-2026-34759

Affected software: OneUptime Open Source platform (prior to v10.0.42). Vulnerability: Multiple notification API endpoints were registered without authentication middleware, exposing /notification/ and enabling an unauthenticated attacker to exploit a projectId leak from the public Status Page API...

9.2CVSS5.8AI score0.006EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/02 6:50 p.m.3 views

CVE-2026-34759 OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServiceMiddleware. Thes...

9.2CVSS5.8AI score0.006EPSS
Exploits1References5
Rows per page
Query Builder