CVE Daily – Kuma (High+Critical) https://cvedaily.com/pages/tags/kuma.html CVE Daily – Kuma (High+Critical) en Wed, 03 Jun 2026 21:26:41 +0000 [High] CVE-2024-36542 – Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data an... https://nvd.nist.gov/vuln/detail/CVE-2024-36542 https://nvd.nist.gov/vuln/detail/CVE-2024-36542 Thu, 25 Jul 2024 17:15:10 +0000 High CVE-2024-36542

Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.

CVSS: 8.8 · CWE: CWE-277

View on NVD

]]> [High] CVE-2023-36821 – Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to ... https://nvd.nist.gov/vuln/detail/CVE-2023-36821 https://nvd.nist.gov/vuln/detail/CVE-2023-36821 Wed, 05 Jul 2023 22:15:09 +0000 High CVE-2023-36821

Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after l…

CVSS: 8.8 · CWE: CWE-20

View on NVD

]]>