425 matches found

RedhatCVE
added 2026/03/28 11:09 p.m., 3 views

CVE-2026-33981

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

CVSS 8.3 | AI score 5.9 | EPSS 0.00475
Exploits 1 | References 1
GithubExploit
added 2026/03/28 3:54 p.m., 242 views

penclaw

🦀 PenClaw AI-powered penetration testing CLI. One command...

AI score 6
Exploits 0
Veracode
added 2026/03/28 5:23 a.m., 8 views

Environment Variable Leak

changedetection.io is vulnerable to Environment Variable Leak. The vulnerability is due to the use of the jq env builtin in include filter expressions, where an authenticated user can leak sensitive environment variables including SALTEDPASS, PLAYWRIGHTDRIVERURL, HTTPPROXY, and any secrets passed...

CVSS 8.3 | AI score 5.7 | EPSS 0.00475
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2026/03/27 10:51 p.m., 11 views

CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

CVSS 8.6 | AI score 5.9 | EPSS 0.00407
Exploits 0 | References 1
CVE
added 2026/03/27 10:01 p.m., 19 views

CVE-2026-33981

Technical details for CVE-2026-33981 are not publicly available in the provided documents. No affected products, impact, or remediation are identifiable here. Monitor for updates.

CVSS 8.3 | AI score 5.9 | EPSS 0.00475
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/03/27 10:01 p.m., 21 views

CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

CVSS 8.3 | EPSS 0.00475
Exploits 1 | References 3
RedhatCVE
added 2026/03/27 5:09 p.m., 4 views

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 | AI score 6.3 | EPSS 0.00832
Exploits 1 | References 1
EUVD
added 2026/03/26 6:31 p.m., 4 views

EUVD-2026-16275

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

CVSS 7.8 | AI score 5.8 | EPSS 0.00407
Exploits 0 | References 4
NVD
added 2026/03/26 6:16 p.m., 4 views

CVE-2026-32857

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

CVSS 8.6 | EPSS 0.00407
Exploits 0 | References 3
Vulnrichment
added 2026/03/26 5:29 p.m., 9 views

CVE-2026-32857 Firecrawl Playwright Service SSRF Protection Bypass via Missing Post-Redirect Validation

Firecrawl version 2.8.0 and prior contain a server-side request forgery SSRF protection bypass vulnerability in the Playwright scraping service where network policy validation is applied only to the initial user-supplied URL and not to subsequent redirect destinations. Attackers can supply an...

CVSS 8.6 | AI score 5.9 | EPSS 0.00407
Exploits 0 | References 3
CVE
added 2026/03/26 5:29 p.m., 16 views

CVE-2026-32857

Firecrawl versions 2.8.0 and earlier contain a server-side request forgery (SSRF) protection bypass in the Playwright scraping service. The issue arises because network policy validation is applied only to the initial user-supplied URL and not to subsequent redirected destinations, enabling an ex...

CVSS 8.6 | AI score 5.8 | EPSS 0.00407
Exploits 0 | References 3
RedhatCVE
added 2026/03/26 3:03 p.m., 10 views

CVE-2026-30957

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVSS 9.9 | AI score 6.8 | EPSS 0.01153
Exploits 1 | References 1
NVD
added 2026/03/26 2:16 p.m., 6 views

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 | EPSS 0.00832
Exploits 1 | References 2
Vulnrichment
added 2026/03/26 1:40 p.m., 2 views

CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 | AI score 6.2 | EPSS 0.00832
Exploits 1 | References 2
ATTACKERKB
added 2026/03/26 1:40 p.m., 2 views

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 | AI score 6.2 | EPSS 0.00832
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/03/26 1:40 p.m., 22 views

CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 | EPSS 0.00832
Exploits 1 | References 2
EUVD
added 2026/03/26 1:40 p.m., 6 views

EUVD-2026-16189

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 | AI score 6.2 | EPSS 0.00832
Exploits 1 | References 2
CVE
added 2026/03/26 1:40 p.m., 12 views

CVE-2026-33396

OneUptime prior to 10.0.35 allows a low-privileged authenticated user (ProjectMember) to escape sandbox in Synthetic Monitor Playwright runtime and execute arbitrary commands on the Probe container/host. The sandbox denial-list omits blocking _browserType and launchServer, enabling traversal via ...

CVSS 9.9 | AI score 6.2 | EPSS 0.00832
Exploits 1 | References 2 | Affected Software 1
OSV
added 2026/03/26 1:40 p.m., 5 views

CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9 | AI score 6.3 | EPSS 0.00832
Exploits 1 | References 4
Positive Technologies
added 2026/03/26 12:00 a.m., 6 views

PT-2026-28479

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.35. Description: OneUptime is an open-source monitoring and observability platform. A low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing...

CVSS 9.9 | AI score 6.6 | EPSS 0.00832
Exploits 1 | References 11