pkg:npm/@oneuptime/common

11 CVEs in total | CRITICAL 6 | HIGH 2

All known vulnerabilities

  • CRITICAL 9.9 | CVE-2026-30957 | OneUptime has Synthetic Monitor RCE via exposed Playwright browser object
    from 0, < 10.0.21
  • CRITICAL 9.9 | CVE-2026-30956 | OneUptime has authorization bypass via client-controlled is-multi-tenant-query header that leads to cross-tenant data exposure and account takeover
    from 0, < 10.0.21
  • CRITICAL 9.9 | CVE-2026-30921 | OneUptime: Synthetic Monitor RCE via exposed Playwright browser object
    from 0, < 10.0.20
  • CRITICAL 9.9 | CVE-2026-30887 | OneUpTime's Unsandboxed Code Execution in Probe Allows Any Project Member to Achieve RCE
    from 0, < 10.0.18
  • CRITICAL 9.9 | CVE-2026-27728 | OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
    from 0, < 10.0.7
  • CRITICAL 9.9 | CVE-2026-27574 | OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
    from 0, < 10.0.0
  • HIGH 8.6 | CVE-2026-30920 | OneUptime has broken access control in GitHub App installation flow that allows unauthorized project binding
    from 0, < 10.0.19
  • HIGH 8.2 | CVE-2026-28787 | OneUptime has WebAuthn 2FA bypass: server accepts client-supplied challenge instead of server-stored value, allowing credential replay
    from 0, <= 10.0.11
  • CVE-2026-30959 | OneUptime has WhatsApp Resend Verification Authorization Bypass
    from 0, < 10.0.21
  • CVE-2025-65966 | OneUptime Unauthorized User Creation via API
    from 0, < 9.1.0
  • CVE-2025-66028 | OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation
    from 0, < 8.0.5567