Lucene search
+L

771 matches found

OSV
OSV
added 2026/05/10 1:16 p.m.15 views

PYSEC-2026-131

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:43 p.m.13 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/10 12:43 p.m.39 views

CVE-2021-47935 Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS0.00927EPSS
Exploits1References3
CVE
CVE
added 2026/05/10 12:43 p.m.17 views

CVE-2021-47935

CVE-2021-47935 affects Sentry 8.2.0 and describes a remote code execution via pickle deserialization. The root cause is deserialization of malicious pickle-serialized objects injected into the audit log entry data parameter. An authenticated superuser can submit crafted POST requests to the admin...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/10 12:43 p.m.15 views

CVE-2021-47935 Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.21 views

PT-2026-39510

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/06 11:13 p.m.12 views

Axonflow fixed bugs by implementing multi-tenant isolation and access-control hardening

Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and policy-enforcement defects in the AxonFlow platform. They are filed as a single consolidated advisory because the recommended remediation is a...

5.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/28 10:39 p.m.5 views

GHSA-PP79-HQV6-VMC3 FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field

Summary The application fails to validate the nick parameter during a POST request to the EditUser controller. Although the UI prevents editing this field, a user can bypass this restriction using a proxy to rename any account including the Administrator. This leads to Broken Access Control and...

5.3CVSS5.8AI score0.0033EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/28 10:39 p.m.14 views

FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field

Summary The application fails to validate the nick parameter during a POST request to the EditUser controller. Although the UI prevents editing this field, a user can bypass this restriction using a proxy to rename any account including the Administrator. This leads to Broken Access Control and...

5.3CVSS5.2AI score0.0033EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2026/04/28 10:2 p.m.129 views

Exploit for Command Injection in Github Enterprise_Server

ExploitCVE-2026-3854 CVE-2026-3854 is a Remote Code Executio...

8.8CVSS6AI score0.35858EPSS
Exploits5
Hacker One
Hacker One
added 2026/04/17 1:4 p.m.20 views

Revive Adserver: Stored XSS via malicious usernames in audit log details + Username validation bypass in XML‑RPC addUser

Vulnerability description not provided...

5.8AI score0.00339EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.4 views

CVE-2026-35391

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first leftmost entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

8.7CVSS6AI score0.00136EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 8:17 p.m.3 views

CVE-2026-35391

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first leftmost entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

8.7CVSS6AI score0.00136EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 8:17 p.m.4 views

CVE-2026-35391 Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first leftmost entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

8.7CVSS6AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 8:17 p.m.22 views

CVE-2026-35391 Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first leftmost entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

8.7CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 8:17 p.m.17 views

CVE-2026-35391

CVE-2026-35391 affects Bulwark Webmail (lib/admin/session.ts getClientIP) prior to version 1.4.11. The function trusts the first (leftmost) entry of the X-Forwarded-For header, which is client-controlled. This allows an attacker to forge their source IP to bypass IP-based rate limiting (facilitat...

8.7CVSS6AI score0.00136EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/06 8:17 p.m.4 views

CVE-2026-35391 Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first leftmost entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

8.7CVSS6.1AI score0.00136EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/02 7:3 p.m.26 views

CVE-2026-34762 Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...

2.7CVSS0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 7:3 p.m.4 views

CVE-2026-34762 Ella Core Has Audit Log Falsification via Path/Body IMSI Mismatch in UpdateSubscriber

Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/imsi API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's polic...

2.7CVSS5.7AI score0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/04/02 7:3 p.m.14 views

CVE-2026-34762

Ella Core’s vulnerability (CVE-2026-34762) affects versions prior to 1.8.0. The PUT /api/v1/subscriber/{imsi} endpoint accepts an IMSI in both the URL path and the JSON body without verifying they match, enabling an authenticated NetworkManager to modify any subscriber’s QoS policy while the audi...

2.7CVSS5.7AI score0.00185EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder