4 matches found

RedhatCVE
added 2026/03/27 5:9 p.m., 2 views

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9, AI score 6.3, EPSS 0.01126
Exploits: 1, References: 1
NVD
added 2026/03/26 2:16 p.m., 2 views

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic monitor code is...

CVSS 9.9, EPSS 0.01126
Exploits: 1, References: 2
Positive Technologies
added 2026/03/26 12:0 a.m., 3 views

PT-2026-28479

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.35. Description: OneUptime is an open-source monitoring and observability platform. A low-privileged authenticated user ProjectMember can achieve remote command execution on the Probe container/host by abusing...

CVSS 9.9, AI score 6.6, EPSS 0.01126
Exploits: 1, References: 11
Positive Technologies
added 2026/03/07 12:0 a.m., 1 views

PT-2026-24091

Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.18. Description: OneUptime allows project members to execute custom Playwright/JavaScript code via Synthetic Monitors. This code is executed within the Node.js vm module, which is not a secure sandbox. An attacke...

CVSS 9.9, AI score 6, EPSS 0.00073
Exploits: 1, References: 11