Lucene search
K

425 matches found

EUVD
EUVD
added 2026/03/09 10:58 p.m.5 views

EUVD-2026-10434

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

9.9CVSS6AI score0.00445EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/09 10:58 p.m.2 views

CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

9.9CVSS6AI score0.00445EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/09 10:58 p.m.4 views

CVE-2026-30921

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

9.9CVSS6AI score0.00445EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/09 10:58 p.m.41 views

CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

9.9CVSS0.00445EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 10:58 p.m.6 views

EUVD-2026-10435

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

9.9CVSS6AI score0.00445EPSS
Exploits1References1
CVE
CVE
added 2026/03/09 10:58 p.m.19 views

CVE-2026-30921

OneUptime has a server-side RCE in Synthetic Monitors prior to version 10.0.20: untrusted user-provided Playwright code runs inside the oneuptime-probe VM with live Playwright objects (browser/page) injected, allowing an attacker to call browser.browserType().launch() and spawn arbitrary executab...

9.9CVSS6AI score0.00445EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/09 10:58 p.m.5 views

CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

9.9CVSS6AI score0.00445EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/09 10:40 p.m.5 views

CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

9.9CVSS6AI score0.00387EPSS
Exploits1References1
OSV
OSV
added 2026/03/09 10:40 p.m.4 views

CVE-2026-30887 OneUptime Affected by Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By...

9.9CVSS6.1AI score0.00387EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/03/08 2:31 a.m.207 views

Plasma

Plasma !Pythonhttps://img.shields.io/badge/python-3.10%2B-...

6.3AI score
Exploits0
Snyk
Snyk
added 2026/03/07 2:39 a.m.3 views

Exposed Dangerous Method or Function

Overview @oneuptime/common is a The OneUptime Common UI Library is a collection of shared components, utilities that are used across the OneUptime platform. It is designed to be easy to install and use, and to be extensible. This library is built with React and TypeScript. It includes c Affected...

9.9CVSS6AI score0.00445EPSS
Exploits1References2
OSV
OSV
added 2026/03/07 2:39 a.m.2 views

GHSA-4J36-39GM-8VQ8 OneUptime: Synthetic Monitor RCE via exposed Playwright browser object

Summary OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page...

9.9CVSS6.2AI score0.00445EPSS
Exploits1References12
Github Security Blog
Github Security Blog
added 2026/03/07 2:39 a.m.9 views

OneUptime: Synthetic Monitor RCE via exposed Playwright browser object

Summary OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside Node's vm and is given live host Playwright objects such as browser and page...

9.9CVSS6.2AI score0.00445EPSS
Exploits1References12Affected Software1
OSV
OSV
added 2026/03/07 2:30 a.m.1 views

GHSA-H343-GG57-2Q67 OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE

Summary OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape this.constructor.constructor, an...

9.9CVSS6.2AI score0.00387EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.7 views

PT-2026-24093

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.20 Description OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. This code runs within Node's vm and is provided...

9.9CVSS6.2AI score0.00445EPSS
Exploits1References25
OSV
OSV
added 2026/02/19 11:6 p.m.6 views

CVE-2026-26329 OpenClaw has a path traversal in browser upload allows local file read

OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authenticated attackers can read arbitrary files from the Gateway host by supplying absolute paths or path traversal sequences to the browser tool's upload action. The server passed these paths to Playwright's setInputFiles APIs...

7.1CVSS6AI score0.00408EPSS
Exploits0References5
CVE
CVE
added 2026/02/19 11:6 p.m.17 views

CVE-2026-26329

OpenClaw contains a path traversal in the browser tool upload action that allows an authenticated user to read arbitrary files on the Gateway host by supplying absolute or traversal paths. This existed prior to version 2026.2.14; the server passed user-supplied paths to Playwright's setInputFiles...

7.1CVSS5.9AI score0.00408EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/02/18 5:37 p.m.4 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the waitForDownloadViaPlaywright and downloadViaPlaywright functions. An attacker can write files outside the intended temporary downloads directory by supplying a...

8.7CVSS6.5AI score0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/01/30 4:26 p.m.3 views

CLEANSTART-2026-MB75553 vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record

Multiple security vulnerabilities affect the playwright-python package. A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00681EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/08 8:55 a.m.7 views

CVE-2025-9611

Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

7.2CVSS6.6AI score0.00844EPSS
Exploits0References1
Rows per page
Query Builder