EUVD-2026-10561

OneUptime has Synthetic Monitor RCE via exposed Playwright browser object...

CVE-2026-30921

OneUptime has a server-side RCE in Synthetic Monitors prior to version 10.0.20: untrusted user-provided Playwright code runs inside the oneuptime-probe VM with live Playwright objects (browser/page) injected, allowing an attacker to call browser.browserType().launch() and spawn arbitrary executab...

CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

OneUptime: Synthetic Monitor RCE via exposed Playwright browser object

Summary OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page...

EUVD-2024-39882

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-42329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for...

CVE-2024-42329

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

DEBIAN-CVE-2024-42329

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

CVE-2024-42329

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

UBUNTU-CVE-2024-42329

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

CVE-2024-42329

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

CVE-2024-42329 JS - Crash on unexpected HTTP server response

The webdriver for the Browser object expects an error object to be initialized when the webdriversessionquery function fails. But this function can fail for various reasons without an error description and then the wd-error will be NULL and trying to read from it will result in a crash...

CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

PT-2024-9611 · Zabbix +3 · Zabbix +3

Name of the Vulnerable Software and Affected Versions: Browser object affected versions not specified Zabbix affected versions not specified Description: The issue is related to the handling of data downloaded from an HTTP server by the Browser object's web driver. When the server's response is a...

Zabbix 安全漏洞

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix versions 7.0.0 to 7.0.3, which stems from the use of the webdriver for the Browser object to...

Blaxxun Contact 3D - X-CC3D Browser Object Buffer Overflow (PoC)

source: https://www.securityfocus.com/bid/10064/info The Blaxxun Contact 3D browser object for Internet Explorer is reported to be prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient boundary checks performed on data assigned to a browser object variable...