Every CVE whose affected-product data names Hackerbay Oneuptime, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2026-30957 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged…
CVE-2026-30921 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged…
CVE-2026-30956 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and…
CVE-2026-32306 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API accepts…
CVE-2026-27574 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses…
CVE-2026-27728 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in…
CVE-2026-33396 — CVSS 9.9 (critical): OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user…
CVE-2026-30887 — CVSS 9.9 (critical): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom…
CVE-2026-35053 — CVSS 9.8 (critical): OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes…
CVE-2026-34758 — CVSS 9.1 (critical): OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test…
CVE-2026-30920 — CVSS 8.6 (high): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts…
CVE-2024-29194 — CVSS 8.3 (high): OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side…
CVE-2026-28787 — CVSS 8.2 (high): OneUptime is a solution for monitoring and managing online services. In version 10.0.11 and prior, the WebAuthn authentication…
CVE-2025-66028 — CVSS 8.2 (high): OneUptime is a solution for monitoring and managing online services. Prior to version 8.0.5567, OneUptime is vulnerable to privilege…
CVE-2026-33142 — CVSS 8.1 (high): OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 (ClickHouse SQL…
CVE-2026-34759 — CVSS 8.1 (high): OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are…
CVE-2026-34840 — CVSS 8.1 (high): OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation…
CVE-2025-65966 — CVSS 8.1 (high): OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts…
CVE-2026-32308 — CVSS 7.6 (high): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component renders Mermaid…
CVE-2026-33143 — CVSS 7.5 (high): OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler…
CVE-2026-30958 — CVSS 7.2 (high): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the…
CVE-2026-32598 — CVSS 6.5 (medium): OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password…
CVE-2026-30959 — CVSS 5.0 (medium): OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to…