394 matches found
Uptime-Kuma < v1.23.0 - Improper Access Control
Uptime-Kuma before v1.23.0 is vulnerable to an information disclosure issue due to missing authorization on the /api/badge/1/ping/24 endpoint. An unauthenticated attacker can access this endpoint to leak ping statistics, such as average ping and ping history, for existing monitors without needing...
Astra Linux - vulnerability in rpm
A flaw was discovered in RPM’s hdrblobInit function in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The greatest threat from this vulnerability is to system availability...
OT Cybersecurity Challenges for ICS in 2026
OT cybersecurity has become a board-level risk because industrial control systems are no longer isolated, predictable, or invisible to attackers. In 2026, security teams protecting manufacturing plants, utilities, transportation systems, energy...
CVE-2026-35053
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...
PT-2026-29875
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42...
CVE-2026-32230
Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query...
CVE-2026-33130
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to prevent Server-side Template Injection (SSTI). The three mitigations added to the Liquid engine (root, relativeReference, dynamicPartials) only block...
EUVD-2026-13670
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to prevent Server-side Template Injection (SSTI). The three mitigations added to the Liquid engine (root, relativeReference, dynamicPartials) only block...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to prevent Server-side Template Injection (SSTI). The three mitigations added to the Liquid engine (root, relativeReference, dynamicPartials) only block...
CVE-2026-33130
Uptime Kuma (versions 1.23.0–2.2.0) is affected by a server-side template injection (SSTI) in notification templates due to an incomplete fix for GHSA-vffh-c9pq-4crh. The Liquid engine mitigations added to limit path resolution (root, relativeReference, dynamicPartials) only block quoted paths; i...
Uptime Kuma Security Vulnerability
Uptime Kuma is an easy-to-use, self-hosted monitoring tool developed by Louis Lam. Versions of Uptime Kuma from 1.23.0 to 2.2.0 contain security vulnerabilities. These vulnerabilities stem from incomplete protection against server-side template injections, which could allow unauthorized access to...
PT-2026-26603
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to prevent Server-side Template Injection (SSTI). The three mitigations added to the Liquid engine (root, relativeReference, dynamicPartials) only block...
CVE-2026-32230
Uptime Kuma (2.0.0–2.1.3) contains a missing authorization check on the GET /api/badge/:id/ping/:duration? endpoint. The ping badge endpoint does not verify that the target monitor belongs to a public group, unlike other badge endpoints that enforce public = 1 in SQL queries. This allows unauthen...
CVE-2026-32230 Uptime Kuma is Missing Authorization Checks on Ping Badge Endpoint, Leaks Ping times of monitors without needing to be on a status page
Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 to 2.1.3, the GET /api/badge/:id/ping/:duration? endpoint in server/routers/api-router.js does not verify that the requested monitor belongs to a public group. All other badge endpoints check AND public = 1 in their SQL query...