Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-30958

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

8.6CVSS7.4AI score0.00462EPSS
Exploits1References1
NVD
NVD
added 2026/03/10 6:18 p.m.8 views

CVE-2026-30958

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

8.6CVSS0.00462EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:1 p.m.1 views

CVE-2026-30958

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

7.2CVSS5.9AI score0.00462EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 5:1 p.m.2 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

7.2CVSS5.9AI score0.00462EPSS
Exploits1References2
CVE
CVE
added 2026/03/10 5:1 p.m.14 views

CVE-2026-30958

OneUptime CVE-2026-30958 describes an unauthenticated path traversal vulnerability in the /workflow/docs/:componentName endpoint, where the componentName parameter is directly concatenated into the server file path used by res.sendFile(), enabling arbitrary file reads. Root cause: lack of sanitiz...

8.6CVSS5.9AI score0.00462EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/10 5:1 p.m.2 views

CVE-2026-30958 OneUptime: Path Traversal — Arbitrary File Read (No Auth)

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file...

7.2CVSS5.9AI score0.00462EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

OneUptime 路径遍历漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.21 contained a path traversal vulnerability. This vulnerability stemmed from the /workflow/docs/ endpoint’s path traversal, which cou...

8.6CVSS7.4AI score0.00462EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24254

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.21 Description OneUptime is a solution for monitoring and managing online services. A path traversal issue exists in the /workflow/docs/:componentName API endpoint, allowing unauthenticated reading of arbitrary...

8.6CVSS5.9AI score0.00462EPSS
Exploits1References10
PyPA
PyPA
added 2025/07/21 9:15 p.m.11 views

PYSEC-2025-71

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack. This XSS would notably allow an attacker to execute JavaScript code ...

7.6CVSS6.8AI score0.00244EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/21 8:15 p.m.2 views

CVE-2025-53528 Cadwyn is vulnerable to an XSS attack through its docs page

Cadwyn creates production-ready community-driven modern Stripe-like API versioning in FastAPI. In versions before 5.4.3, the version parameter of the "/docs" endpoint is vulnerable to a Reflected XSS Cross-Site Scripting attack. This XSS would notably allow an attacker to execute JavaScript code ...

7.6CVSS5.8AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.3 views

Cadwyn 跨站脚本漏洞

Cadwyn is an API version control application by the individual developer Stanislav Zmiev. A cross-site scripting vulnerability exists in Cadwyn 5.4.3 and earlier versions, which stems from insufficient validation of the /docs endpoint version parameter input and could lead to a reflective...

7.6CVSS5.8AI score0.00244EPSS
Exploits0References3
Rows per page
Query Builder