CVE-2026-33396 OneUptime has sandbox escape in Synthetic Monitor Playwright runtime allows project members to execute arbitrary commands on Probe
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...
CVE-2026-33396
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...
CVE-2026-33396
OneUptime prior to 10.0.35 allows a low-privileged authenticated user (ProjectMember) to escape sandbox in Synthetic Monitor Playwright runtime and execute arbitrary commands on the Probe container/host. The sandbox denial-list omits blocking _browserType and launchServer, enabling traversal via ...
CVE-2026-30957 OneUptime Synthetic Monitor RCE via exposed Playwright browser object
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...
EUVD-2026-10561
OneUptime has Synthetic Monitor RCE via exposed Playwright browser object...
CVE-2026-30921
OneUptime has a server-side RCE in Synthetic Monitors prior to version 10.0.20: untrusted user-provided Playwright code runs inside the oneuptime-probe VM with live Playwright objects (browser/page) injected, allowing an attacker to call browser.browserType().launch() and spawn arbitrary executab...
CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...
EUVD-2024-54667
Malicious code in bioql PyPI...
BIT-KIBANA-2024-43706 Kibana Improper Authorization
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...
BIT-ELK-2024-43706 Kibana Improper Authorization
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...
CVE-2024-43706
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...
CVE-2024-43706 Kibana Improper Authorization
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...
CVE-2024-43706
Kibana has a vulnerability CVE-2024-43706 described as Improper authorization that enables privilege abuse through a direct HTTP request to a Synthetic monitor endpoint. Multiple sources summarize that affected versions include Kibana up to 8.12.0, with a fix released in 8.12.1 (ESA-2024-21). The...
Elastic Kibana Security Vulnerability
Elastic Kibana is an available data visualization dashboard software from Elastic. A security vulnerability exists in Elastic Kibana that stems from improper authorization and could lead to abuse of privilege via direct HTTP requests to Synthetic monitor endpoints...
New Relic: Ability to view monitor names of other NR accounts through internal API (v3) via "monitor_id" parameter
NR Alerts gives you the granularity to set alert conditions on an alert policy depending on the conditions you specify at the https://alerts.newrelic.com/accounts/ACCOUNTNUMBER/policies/POLICYID/conditions/new URL. When you select an entity for the condition, the application does not check to...