872 matches found
CVE-2026-27197
Affected product: Sentry (self-hosted) versions 21.12.0–26.1.0. Vulnerability: Critical flaw in the SAML SSO implementation that can allow an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Conditions: Self-h...
Sentry 授权问题漏洞
Sentry is an open-source error tracking and performance monitoring platform designed for developers. Versions of Sentry from 21.12.0 to 26.1.0 have a security vulnerability related to authorization. This vulnerability stems from defects in the SAML single-sign-on implementation, which could allow...
CVE-2026-25541 vulnerabilities
Vulnerabilities for packages: linkerd-await, wasmcloud, linkerd-network-validator, zizmor, linkerd-extension-init, py3-xet-core, linkerd2-cni-plugin, tealdeer, wasmtime, linkerd2, kdash, komodo, bootc, qdrant, topgrade, nushell, pgcat, yazi, jujutsu, cargo-audit, asciinema, fnm, wadm, sentry-cli,...
GHSA-434X-W66G-QW3R vulnerabilities
Vulnerabilities for packages: linkerd-await, wasmcloud, linkerd-network-validator, zizmor, linkerd-extension-init, py3-xet-core, linkerd2-cni-plugin, tealdeer, wasmtime, linkerd2, kdash, komodo, bootc, qdrant, topgrade, nushell, pgcat, yazi, jujutsu, cargo-audit, asciinema, fnm, wadm, sentry-cli,...
ROS-20260122-73-0001
Vulnerability in python-sentry-sdk due to lack of protection for proprietary data. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
ROS-20260122-73-0006
Vulnerability in python-sentry-sdk related to bypassing the authentication procedure by using an alternate path or channel. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...
ROS-20260122-73-0004
Vulnerability in python-sentry-sdk related to a flaw in the error reporting mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...
Sensitive Information Disclosure
Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...
CVE-2021-31791
In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command...
CVE-2023-49094
Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...
CVE-2023-4378
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...
CVE-2021-22256
Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...
CVE-2022-23485
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
CVE-2024-41656
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...
GHSA-RHFX-M35P-FF5J vulnerabilities
Vulnerabilities for packages: jujutsu, wasmcloud, vector, atuin, uutils, ztunnel, pgcat, pixi, ztunnel-fips, kdash, litmus, sentry-cli, yazi, nushell, mise...
CVE-2019-25278 FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure
FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...
CVE-2019-25243
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...
PT-2025-53328
Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is susceptible to a cross-site request forgery condition. This allows attackers to execute administrative actions without explicit user permission...
Malicious code in chalk-sentry (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-192901 Malicious code in chalk-sentry (RubyGems)
--- -= Per source details. Do not edit below this line.=-...