A vulnerability in Uptime Kuma allows attackers to inject malicious JavaScript code into status page names, which then executes in other users' browsers and can compromise their sessions.
Uptime Kuma
louislam, 31.05.2026
Upgrade assessment
Security-relevant: update promptly
Derived automatically from release, repo and CVE data — no judgment by a language model.
A vulnerability in Uptime Kuma allows attackers to inject malicious JavaScript code into status page descriptions, which then executes when other users view those pages.
A vulnerability in Uptime Kuma's plugin system allows any authenticated user to install a plugin of their choosing; because installation runs the plugin's own code on the server, this gives an authenticated attacker arbitrary code execution with the privileges of the Uptime Kuma process.
A path traversal vulnerability in Uptime Kuma's plugin management allows authenticated users to delete arbitrary files on the server by supplying a plugin name containing "../" sequences, potentially breaking the installation and destroying data.
A vulnerability in Uptime Kuma causes user sessions to remain valid after a password change and after long periods of inactivity. An attacker who has obtained a session token (for example from a shared or stolen device) therefore keeps access to the account indefinitely, and changing the password does not revoke it.
A vulnerability in Uptime Kuma allows attackers to inject malicious code into web pages by manipulating the Google Analytics ID field in custom status pages, as user inputs are not properly sanitized.
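The three injection points above (status page name, description, analytics ID) are the same bug class: user-controlled text written into HTML without regard for the context it lands in. The following is an added example, not Uptime Kuma's own code, showing the two defences that apply: contextual output encoding for free text, and a strict allowlist for a value that is spliced into a script block, where entity encoding does not help. The tag ID formats (UA-, G-, GT-) and the function names are assumptions made for the example.

```javascript
// Added example (not Uptime Kuma's code). Two defences for user-controlled
// status-page fields: (1) contextual output encoding for free text such as a
// title or description; (2) a strict allowlist for a value that is interpolated
// into a <script> block, where encoding alone is not enough. The ID formats
// below (UA-, G-, GT-) are an assumption about analytics tag IDs.

// Encode the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Render the status page title and description into an HTML fragment.
function renderStatusPageHeader(page) {
  return `<h1>${escapeHtml(page.title)}</h1>` +
         `<p class="description">${escapeHtml(page.description)}</p>`;
}

// A tag ID ends up inside <script>gtag('config', '<id>')</script>. The browser
// does not decode HTML entities inside a script block, so escaping does not
// protect this context; the only safe option is to reject anything that is
// not a well-formed ID.
const TAG_ID_RE = /^(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12}|GT-[A-Z0-9]{6,12})$/;

function validateTagId(id) {
  if (typeof id !== "string" || !TAG_ID_RE.test(id)) {
    throw new Error("invalid analytics tag ID");
  }
  return id;
}

function renderAnalyticsSnippet(id) {
  const safeId = validateTagId(id);
  return `<script>gtag('config', '${safeId}');</script>`;
}

// Constructed malicious inputs of the kind the advisories describe.
const xssTitle = `<img src=x onerror="alert(document.cookie)">`;
const xssTagId = `G-ABC123');alert(1);//`;
```

The allowlist is deliberately narrower than "escape it": a value that breaks out of the JavaScript string literal with a single quote is not an HTML problem at all, so the right tool is to refuse it before it reaches the template.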
A vulnerability in Uptime Kuma allows authenticated users to execute arbitrary commands on the server by injecting malicious code into the hostname field of the Tailscale Ping monitor.
Uptime Kuma does not verify the Origin of WebSocket connections. A third-party website can therefore open a WebSocket to an Uptime Kuma instance from a visitor's browser and act on the visitor's behalf from the visitor's network position (cross-site WebSocket hijacking); an instance reachable only through a firewall or reverse proxy is still exposed, because the visitor's browser is inside that boundary.
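The fix is an Origin check at the handshake. Browsers always attach Origin to a cross-site WebSocket request and page script cannot alter it, so comparing it against the origins the instance is actually served from closes the hole. The following is an added example, not Uptime Kuma's own code; the `allowMissingOrigin` option (for non-browser clients that send no Origin) and the function names are assumptions, and the Socket.IO wiring is shown only as a comment.

```javascript
// Added example (not Uptime Kuma's code): an Origin check for the WebSocket
// handshake. Non-browser clients may omit Origin; whether to allow that is a
// deployment decision (the `allowMissingOrigin` flag is an assumption).

// Normalise to scheme://host[:port] with the WHATWG URL parser, so that
// "HTTPS://Status.Example.COM:443/" and "https://status.example.com" compare equal.
function normalizeOrigin(value) {
  try {
    const u = new URL(value);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.origin; // lower-cased host, default port dropped
  } catch (e) {
    return null; // includes the literal "null" origin of sandboxed frames
  }
}

// Build the allowed set from the public base URL(s) the instance is served at.
function makeOriginPolicy(allowedBaseUrls, { allowMissingOrigin = false } = {}) {
  const allowed = new Set(allowedBaseUrls.map(normalizeOrigin).filter(Boolean));
  return function isAllowed(headers) {
    const origin = headers.origin;
    if (origin === undefined) return allowMissingOrigin;
    const norm = normalizeOrigin(origin);
    return norm !== null && allowed.has(norm);
  };
}

// Socket.IO wiring (not executed here):
//   const isAllowed = makeOriginPolicy([process.env.PUBLIC_BASE_URL]);
//   const io = new Server(httpServer, {
//     allowRequest: (req, cb) => cb(isAllowed(req.headers) ? null : "bad origin", isAllowed(req.headers)),
//   });
```

Rejecting a missing Origin by default is the conservative choice; if CLI or monitoring clients need the socket, allow the missing header only for those paths rather than globally.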
Uptime Kuma has a vulnerability where logged-in users remain authenticated after password changes, allowing continued account access without re-authentication. This enables unauthorized access to user data even after passwords have been changed.
Uptime Kuma fails to automatically invalidate existing user sessions when authentication is enabled, allowing already logged-in users to retain full access until they manually log out or refresh the page.
A vulnerability in Uptime Kuma allows attackers to read local files from the server by pointing a Real-Browser monitor, which loads the monitored URL in a headless browser and captures a screenshot, at a file:// URL; the screenshot then reveals the contents of files such as /etc/passwd.
A vulnerability in Uptime Kuma allows administrators to trigger a ReDoS attack through specially crafted URL inputs in notification settings, potentially freezing the web service due to excessive CPU usage.
A vulnerability in Uptime Kuma allows authenticated attackers to extract sensitive data from internal cloud metadata services through SSRF attacks, potentially exposing access tokens and configuration information.
A vulnerability in Uptime Kuma allows unauthenticated attackers to access files starting with 'index.' through path traversal, potentially exposing sensitive information from the server's file system.
A vulnerability in Uptime Kuma allows authenticated users to read arbitrary files from the server by injecting malicious templates into webhook notifications.
Uptime Kuma serves the RSS feed of a public status page with an HTML content type instead of an XML one (application/rss+xml or text/xml). A browser that opens the feed URL therefore renders it as HTML, so markup in the feed is interpreted and script in it can execute.
A security flaw in Uptime Kuma allows unauthenticated users to retrieve average response times of private monitoring services because one API endpoint fails to verify proper authorization.
A security vulnerability in Uptime Kuma allows authenticated users to read arbitrary files from the server by using malicious templates in webhook notifications.
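The two template-injection findings above come from letting a user-controlled notification template reach an engine that evaluates expressions, not just placeholders. The following is an added example, not Uptime Kuma's own code, of substituting placeholders without an engine: only a fixed set of names is replaced, a placeholder must be a single identifier, and anything else is left literal. The placeholder syntax, the variable names and the sample payloads are assumptions for the example.

```javascript
// Added example (not Uptime Kuma's code): placeholder substitution without a
// template engine. Syntax, variable names and payloads are assumptions.

// Names the webhook author may reference; anything else is not substituted.
const ALLOWED_VARS = new Set(["monitorName", "monitorUrl", "status", "msg", "time"]);

// {{ name }} with optional whitespace; the name is a single identifier, so
// "{{ constructor.constructor('...')() }}" or "{{ msg | append: 'x' }}" never match.
const PLACEHOLDER_RE = /\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/g;

function renderTemplate(template, vars) {
  return String(template).replace(PLACEHOLDER_RE, (whole, name) => {
    if (!ALLOWED_VARS.has(name) || !Object.prototype.hasOwnProperty.call(vars, name)) {
      return whole; // unknown or missing name stays literal
    }
    return String(vars[name]);
  });
  // Single pass: a value that itself contains "{{status}}" is inserted as text
  // and is not expanded again.
}

// When the output is a JSON body, build it with JSON.stringify rather than by
// splicing strings, so a value containing quotes cannot break out of the field.
function buildWebhookBody(template, vars) {
  return JSON.stringify({ text: renderTemplate(template, vars) });
}

// Constructed payloads: a Node-specific expression that an evaluating engine
// would run (reading a file), and a Liquid-style filter expression.
const sstiPayload = "{{ constructor.constructor('return process')().mainModule.require('fs').readFileSync('/etc/passwd','utf8') }}";
const filterPayload = "{{ msg | append: 'x' }}";
```

If richer formatting is genuinely needed, the safe shape is an engine run in a sandbox with no access to globals or prototypes and a fixed data object, not a pattern that "escapes" expressions after the fact.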
New SMS and chat notification providers, bearer token support for monitors, a fix for a remote code execution vulnerability and various bug fixes
Bug fix for SQLite database locking issue and dependency updates
SQLite database connection reverted from multiple connections back to single default connection
Removal of sorting feature on status pages and new SQLite configuration required for Raspberry Pi users
New Fluxer notification provider, bug fixes for UI styling and Prometheus metrics, plus security fix for server-side template injection
New features for SOCKS proxy support in notifications, a WhatsApp provider and Signal templating, plus important bug fixes for Node.js compatibility and a security vulnerability
Added new notification providers and DNS support, fixed PWA cache issue and various bug fixes
Uptime Kuma 2.1.1 adds customizable Matrix notifications, group name column in dashboard and fixes several bugs in Gamedig, Discord notifications and domain expiry monitoring
Uptime Kuma 2.1.0 adds new notification providers (Jira Service Management, Google Sheets) and fixes various bugs related to certificates, monitoring, and UI behavior
Beta version with new features including Google Sheets notifications, incident history, PostgreSQL query monitoring and various improvements plus bug fixes
Beta version with new monitor types (SIP, MySQL/MariaDB), enhanced notification options, Docker secrets support and various UI improvements
Beta version with new monitor types (SQL Server, system services, domain expiry), analytics support for status pages and removal of LINE Notify integration
Beta version with new features including webpush notifications, SSL/STARTTLS for TCP port monitoring, improved HeartbeatBar performance and various bug fixes
Fixes false positive detection of Google Chrome during migration and updates security documentation
Security update fixes server-side template injection vulnerability in notification templates and browser monitor issue
Uptime Kuma 2.0.0 is a major release with breaking changes, new notification providers, security fixes and requires careful migration from v1
Fixes a bug where healthchecks could cause unexpected shutdown of Uptime Kuma during data migration
Uptime Kuma 2.0.0-beta.4 introduces new features like manual monitors, markdown support and bulk tag management, but contains breaking changes requiring migration
Beta version with new notification providers, enhanced ping monitor options and important security fixes for unauthenticated file access
Beta version with new notification providers, security fixes for ReDoS vulnerabilities and various improvements
Security update fixes local file inclusion vulnerability in Real-Browser monitor and updates dependencies
Beta version 2.0.0 with critical security fixes for Local File Inclusion vulnerability, Docker images on ghcr.io and various bug fixes
Uptime Kuma 2.0.0-beta.0 with numerous new features like MariaDB support, SNMP monitor and many notification providers, but includes breaking changes requiring migration
Bug fixes for API key display and status page icons along with security updates for dependencies
Fixes crash issue from version 1.23.14 by pinning cheerio dependency for Alpine images and Node.js 16
Bug fixes for language settings and TLS certificate issues with proxy connections
Security updates for multiple dependencies, improvements to TLS certificate detection and i18n language detection, but proxy users should stay on version 1.23.11
Updated dependencies and fixed error handling bug and Tailscale monitor issue
Security fix for incompletely patched vulnerability and improvement of reverse proxy configuration