425 matches found

CNNVD
added 2026/03/26 12:0 a.m. | 7 views

Firecrawl Code Issue Vulnerability

Firecrawl is an open-source AI web crawler tool developed by Mendable.ai. Versions of Firecrawl 2.8.0 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a flaw in the Playwright crawling service, where server-side request forgery protection was bypassed, potentially...

CVSS 8.6 | AI score 5.9 | EPSS 0.00407
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/26 12:0 a.m. | 4 views

PT-2026-28444

Name of the Vulnerable Software and Affected Versions: Firecrawl versions 2.8.0 and earlier. Description: The software contains a server-side request forgery (SSRF) protection bypass in the Playwright scraping service. The network policy validation is applied only to the initial URL provided by the us...

CVSS 8.6 | AI score 5.9 | EPSS 0.00407
Exploits: 0 | References: 8
OSSF Malicious Packages
added 2026/03/22 6:26 p.m. | 5 views

Malicious code in cit-playwright-tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7b3ed19c372c719b1d1b35ada72bf080aa8bc45406114b8361a94360bf2eb48 The package cit-playwright-tests was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 4
OSV
added 2026/03/22 6:26 p.m. | 3 views

MAL-2026-2080 Malicious code in cit-playwright-tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b7b3ed19c372c719b1d1b35ada72bf080aa8bc45406114b8361a94360bf2eb48 The package cit-playwright-tests was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 4
Snyk
added 2026/03/19 11:0 p.m. | 4 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2
vulnersOsv
added 2026/03/18 7:53 p.m. | 6 views

com.braimanm:uitaf (>=3.0.0 <=3.2.3), com.braimanm:uitaf-playwright (>=1.0.0-alpha <=1.0.1-alpha) +7 more potentially affected by CVE-2026-33166 via io.qameta.allure:allure-generator (>=2.10.0 <=2.37.0)

io.qameta.allure:allure-generator MAVEN version =2.10.0, =3.0.0, =1.0.0-alpha, =1.1.0, =0.1.17, =0.1.17, =1.0-RC1, =2.10.0, =2.37.0 - org.uitaf:uitaf-playwright =1.0.1 Source cves: CVE-2026-33166 Source advisory: OSV:GHSA-64HM-GFWQ-JPPW...

CVSS 8.6 | AI score 5.8 | EPSS 0.00539
Exploits: 1
RedhatCVE
added 2026/03/11 7:8 a.m. | 4 views

CVE-2026-30921

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

CVSS 9.9 | AI score 6 | EPSS 0.00445
Exploits: 1 | References: 1
NVD
added 2026/03/10 6:18 p.m. | 2 views

CVE-2026-30957

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVSS 9.9 | EPSS 0.01153
Exploits: 1 | References: 2
NVD
added 2026/03/10 5:40 p.m. | 2 views

CVE-2026-30921

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

CVSS 9.9 | EPSS 0.00445
Exploits: 1 | References: 1
Cvelist
added 2026/03/10 4:58 p.m. | 27 views

CVE-2026-30957 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVSS 9.9 | EPSS 0.01153
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/10 4:58 p.m. | 2 views

CVE-2026-30957 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVSS 9.9 | AI score 6.5 | EPSS 0.01153
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/10 4:58 p.m. | 3 views

CVE-2026-30957

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVSS 9.9 | AI score 6.5 | EPSS 0.01153
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/03/10 4:58 p.m. | 18 views

CVE-2026-30957

CVE-2026-30957 / GHSA-JW8Q-GJVG-8W4Q describes a server-side remote code execution in OneUptime’s Synthetic Monitors. The root cause is that untrusted Synthetic Monitor code runs inside Node VM with live Playwright browser/page objects injected into the VM context. Although VMRunner proxies host ...

CVSS 9.9 | AI score 6.5 | EPSS 0.01153
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/03/10 4:58 p.m. | 3 views

EUVD-2026-10562

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVSS 9.9 | AI score 6.5 | EPSS 0.01153
Exploits: 1 | References: 2
OSV
added 2026/03/10 4:58 p.m. | 3 views

CVE-2026-30957 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVSS 9.9 | AI score 6.5 | EPSS 0.01153
Exploits: 1 | References: 4
GitHub Security Blog
added 2026/03/10 1:12 a.m. | 11 views

OneUptime has Synthetic Monitor RCE via exposed Playwright browser object

Summary: OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is executed inside Node's vm while live host-realm Playwright browser and page...

CVSS 9.9 | AI score 6.6 | EPSS 0.01153
Exploits: 1 | References: 4 | Affected Software: 1
Snyk
added 2026/03/10 1:12 a.m. | 3 views

Exposed Dangerous Method or Function

Overview: @oneuptime/common is the OneUptime Common UI Library, a collection of shared components and utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

CVSS 9.9 | AI score 6.1 | EPSS 0.01153
Exploits: 1 | References: 2
OSV
added 2026/03/10 1:12 a.m. | 3 views

GHSA-JW8Q-GJVG-8W4Q OneUptime has Synthetic Monitor RCE via exposed Playwright browser object

Summary: OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is executed inside Node's vm while live host-realm Playwright browser and page...

CVSS 9.9 | AI score 6.6 | EPSS 0.01153
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/10 12:0 a.m. | 3 views

PT-2026-24190

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.21. Description: OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic...

CVSS 9.9 | AI score 6.5 | EPSS 0.01153
Exploits: 1 | References: 12
CNNVD
added 2026/03/10 12:0 a.m. | 8 views

OneUptime Security Vulnerability

OneUptime is a comprehensive open-source solution developed by OneUptime. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.20 contained security vulnerabilities. These vulnerabilities stemmed from the ability for low-privilege users to submit custom...

CVSS 9.9 | AI score 6.5 | EPSS 0.00445
Exploits: 1 | References: 2