CVE-2026-33130 | louislam uptime-kuma up to 2.2.0 notification-provider.js require.resolve filename control

Inserito da Angelo Barbosa | Mar 20, 2026 | CVE

A vulnerability categorized as problematic has been discovered in louislam uptime-kuma up to 2.2.0. This affects the function require.resolve of the file notification-provider.js. Such manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is uniquely identified as CVE-2026-33130. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-33130 | louislam uptime-kuma up to 2.2.0 notification-provider.js require.resolve filename control

Post correlati

CVE-2024-41243 | Kashipara Responsive School Management System 3.2.0 Marks Details /smsa/view_marks.php access control

CVE-2026-24578 | Jahid Hasan Admin login URL Change Plugin up to 1.1.5 on WordPress authorization

CVE-2024-30004 | Microsoft unknown vulnerability

CVE-2024-2409 | stylemix MasterStudy LMS WordPress Plugin up to 3.3.1 on WordPress _register_user improper authentication