📦 Oneuptime

CVE-2026-27728 is an OS command injection vulnerability in OneUptime's NetworkPathMonitor.performTraceroute() function that allows authenticated project users to execute arbitrary operating system com...

CVE-2026-27574 allows remote code execution in OneUptime monitoring software. Any user with ProjectMember role (including anonymous users via open registration) can execute arbitrary code that escapes...

OneUptime versions before 8.0.5567 contain a privilege escalation vulnerability where attackers can manipulate the login response to gain admin dashboard access. By intercepting and changing the 'isMa...

In OneUptime version 9.0.5598, low-permission users can bypass the intended user interface and create new accounts directly through API requests. This improper authorization vulnerability affects all ...

This CVE describes an authorization bypass vulnerability in OneUptime where attackers can manipulate client-side stored data to gain administrative privileges. By changing the is_master_admin key from...