CRITICAL 9.9 CVE-2026-30957 OneUptime has Synthetic Monitor RCE via exposed Playwright browser object
from 0, < 10.0.21
CRITICAL 9.9 CVE-2026-30956 OneUptime has authorization bypass via client-controlled is-multi-tenant-query header that leads to cross-tenant data exposure and account takeover
from 0, < 10.0.21
CRITICAL 9.9 CVE-2026-30921 OneUptime: Synthetic Monitor RCE via exposed Playwright browser object
from 0, < 10.0.20
CRITICAL 9.9 OneUptime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
from 0, < 10.0.18
CRITICAL 9.9 OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
from 0, < 10.0.7
CRITICAL 9.9 OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
from 0, < 10.0.0
HIGH 8.6 OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
from 0, < 10.0.19
HIGH 8.2 OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay
from 0, <= 10.0.11
— OneUptime has WhatsApp Resend Verification Authorization Bypass
from 0, < 10.0.21
— OneUptime Unauthorized User Creation via API
from 0, < 9.1.0
— OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
from 0, < 8.0.5567