VYPR
Vendor

Hackerbay

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2026-35053CriApr 2, 2026
    risk 0.57cvss 9.8epss 0.01

    OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication…

  • CVE-2026-34758CriApr 2, 2026
    risk 0.52cvss 9.1epss 0.00

    OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version…

  • CVE-2026-34840HigApr 2, 2026
    risk 0.46cvss 8.1epss 0.00

    OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid() verifies the first …

  • CVE-2026-34759HigApr 2, 2026
    risk 0.46cvss 8.1epss 0.01

    OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoints in the same codebase correctly use ClusterKeyAuthorization.isAuthorizedServic…

  • CVE-2026-33396Mar 26, 2026
    risk 0.00cvss epss 0.01

    OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve remote command execution on the Probe container/host by abusing Synthetic Monitor Playwright script execution. Synthetic…

  • CVE-2026-30958Mar 10, 2026
    risk 0.00cvss epss 0.00

    OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated…