Lucene search
K

143 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.8 views

CVE-2026-30956

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.4 views

IBM QRadar SIEM 7.5.x < 7.5.0 UP15 Multiple Vulnerabilities

According to its self-reported version, the IBM QRadar SIEM installation on the remote host is 7.5.x prior to 7.5.0 Update Pack 15. It is, therefore, affected by multiple vulnerabilities: - IBM QRadar SIEM could allow an attacker with access to one tenant to access hostname data from another...

6.2CVSS5.6AI score0.0018EPSS
Exploits0References5
NVD
NVD
added 2026/03/19 3:16 a.m.5 views

CVE-2025-13995

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account...

5CVSS0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 1:55 a.m.2 views

CVE-2025-13995 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account...

5CVSS5.8AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 1:55 a.m.27 views

CVE-2025-13995 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account...

5CVSS0.0018EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/13 8:0 p.m.7 views

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/13 8:0 p.m.7 views

EUVD-2026-11719

OneUptime ClickHouse SQL Injection via Aggregate Query Parameters...

9.9CVSS5.9AI score0.00603EPSS
Exploits1References2
OSV
OSV
added 2026/03/13 8:0 p.m.3 views

GHSA-P5G2-JM85-8G35 OneUptime ClickHouse SQL Injection via Aggregate Query Parameters

Summary The telemetry aggregation API accepts user-controlled aggregationType, aggregateColumnName, and aggregationTimestampColumnName parameters and interpolates them directly into ClickHouse SQL queries via the .append method documented as "trusted SQL". There is no allowlist, no parameterized...

9.9CVSS6.7AI score0.00603EPSS
Exploits1References4
NVD
NVD
added 2026/03/10 6:18 p.m.5 views

CVE-2026-30956

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the...

9.9CVSS0.00494EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/10 4:56 p.m.1 views

CVE-2026-30956 OneUptime has authorization bypass via client‑controlled is-multi-tenant-query header

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 4:56 p.m.5 views

CVE-2026-30956

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/10 4:56 p.m.5 views

EUVD-2026-10560

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by sending a forged is-multi-tenant-query header together with a controlled projectid header. Because the...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/10 1:9 a.m.5 views

Missing Authorization

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References2
CVE
CVE
added 2026/03/07 4:35 p.m.22 views

CVE-2026-30859

WeKnora prior to version 0.2.12 suffers broken access control in the database query tool, allowing any authenticated tenant to read data from other tenants (models, messages, embeddings) including API keys and model configurations due to failure to enforce tenant isolation on critical tables. The...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/07 4:35 p.m.3 views

CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

5.3CVSS5.8AI score0.00213EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/06 11:57 p.m.8 views

WeKnora has Broken Access Control - Cross-Tenant Data Exposure

Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...

6.5CVSS5.9AI score0.00213EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/03/06 11:55 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetKnowledgeBaseByID function. An attacker can access and duplicate sensitive data from other tenants by providing the identifier of a knowledge base belonging to a different...

8.2CVSS5.8AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/06 11:55 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetKnowledgeBaseByID function. An attacker can access and duplicate sensitive data from other tenants by providing the identifier of a knowledge base belonging to a different...

8.2CVSS5.8AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/06 11:55 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetKnowledgeBaseByID function. An attacker can access and duplicate sensitive data from other tenants by providing the identifier of a knowledge base belonging to a different...

8.2CVSS5.8AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/06 11:55 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetKnowledgeBaseByID function. An attacker can access and duplicate sensitive data from other tenants by providing the identifier of a knowledge base belonging to a different...

8.2CVSS5.8AI score0.00222EPSS
Exploits1References2
Rows per page
Query Builder