CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-0828

Malicious code in bioql PyPI...

7.6CVSS6.8AI score0.00398EPSS

Exploits0References5

RedhatCVE•added 2025/05/23 6:1 a.m.•1 views

CVE-2023-28117

Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitiv...

7.6CVSS6.9AI score0.00398EPSS

Exploits0References1

Tenable Nessus•added 2023/04/14 12:0 a.m.•16 views

FreeBSD : py39-sentry-sdk -- sensitive cookies leak (15dae5cc-9ee6-4577-a93e-2ab57780e707)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 15dae5cc-9ee6-4577-a93e-2ab57780e707 advisory. - Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the...

7.6CVSS6.9AI score0.00398EPSS

Exploits0References3

NVD•added 2023/03/22 8:15 p.m.•7 views

CVE-2023-28117

7.6CVSS7.5AI score0.00398EPSS

Exploits0References3

Prion•added 2023/03/22 8:15 p.m.•11 views

Design/Logic Flaw

4CVSS6.4AI score0.00398EPSS

Exploits0References3Affected Software1

UbuntuCve•added 2023/03/22 8:15 p.m.•23 views

CVE-2023-28117

7.6CVSS6.9AI score0.00398EPSS

Exploits0References4

CVE•added 2023/03/22 7:37 p.m.•88 views

CVE-2023-28117

CVE-2023-28117 affects the Sentry SDK for Python (Django integration) prior to 1.14.0. When sendDefaultPII is True and a custom SESSION_COOKIE_NAME or CSRF_COOKIE_NAME is used, cookies (including session cookies) can be leaked to Sentry, potentially enabling impersonation or privilege escalation ...

7.6CVSS6.5AI score0.00398EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/03/22 7:37 p.m.•17 views

CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

7.6CVSS7.7AI score0.00398EPSS

Exploits0References3

Vulnrichment•added 2023/03/22 7:37 p.m.•8 views

CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

7.6CVSS7.4AI score0.00398EPSS

Exploits0References3

OSV•added 2023/03/22 7:37 p.m.•16 views

CVE-2023-28117 Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

7.6CVSS7AI score0.00398EPSS

Exploits0References5

Github Security Blog•added 2023/03/21 10:31 p.m.•80 views

Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

Impact When using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...

7.6CVSS6.3AI score0.00398EPSS

Exploits0References5Affected Software1

OSV•added 2023/03/21 10:31 p.m.•22 views

GHSA-29PR-6JR8-Q5JM Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

7.6CVSS6.7AI score0.00398EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 5:34 a.m.•1 views

SUSE CVE-2013-6480

Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...

2.1CVSS6.2AI score0.00565EPSS

Exploits1References3

Positive Technologies•added 2023/01/20 12:0 a.m.•3 views

PT-2023-9596 · Sentry +1 · Sentry Sdk +1

Name of the Vulnerable Software and Affected Versions: Sentry SDK versions prior to 1.14.0 Description: The issue is related to the leakage of sensitive cookie values, including session cookies, to Sentry when using the Django integration of the Sentry SDK in a specific configuration. This can...

7.6CVSS7.2AI score0.00398EPSS

Exploits0References17

OSV•added 2022/05/14 2:54 a.m.•11 views

GHSA-G892-9H8M-R69R Libcloud does not properly scrub data when destroying a DigitalOcean node

Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...

2.1CVSS5.3AI score0.00565EPSS

Exploits1References12

OpenVAS•added 2020/12/05 12:0 a.m.•18 views

Fedora: Security Advisory for pdfresurrect (FEDORA-2020-e9f9bb77a0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.8CVSS7.7AI score0.00356EPSS

Exploits1References2

Fedora•added 2020/12/04 12:30 a.m.•31 views

[SECURITY] Fedora 32 Update: pdfresurrect-0.21-1.fc32

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also...

7.8CVSS0.5AI score0.00356EPSS

Exploits1

OpenVAS•added 2020/01/09 12:0 a.m.•22 views

Fedora Update for pdfresurrect FEDORA-2019-b20614ff74

7.8CVSS7.6AI score0.17056EPSS

Exploits5References2

Fedora•added 2019/09/06 12:59 p.m.•25 views

[SECURITY] Fedora 29 Update: pdfresurrect-0.18-1.fc29

7.8CVSS0.5AI score0.17056EPSS

Exploits5

Fedora•added 2019/09/06 12:35 p.m.•19 views

[SECURITY] Fedora 30 Update: pdfresurrect-0.18-1.fc30