Lucene search
K

872 matches found

CVE
CVE
added 2026/02/21 4:35 a.m.29 views

CVE-2026-27197

Affected product: Sentry (self-hosted) versions 21.12.0–26.1.0. Vulnerability: Critical flaw in the SAML SSO implementation that can allow an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Conditions: Self-h...

9.1CVSS5.7AI score0.00435EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.9 views

Sentry 授权问题漏洞

Sentry is an open-source error tracking and performance monitoring platform designed for developers. Versions of Sentry from 21.12.0 to 26.1.0 have a security vulnerability related to authorization. This vulnerability stems from defects in the SAML single-sign-on implementation, which could allow...

9.1CVSS5.9AI score0.00435EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/02/04 1:27 p.m.6 views

CVE-2026-25541 vulnerabilities

Vulnerabilities for packages: linkerd-await, wasmcloud, linkerd-network-validator, zizmor, linkerd-extension-init, py3-xet-core, linkerd2-cni-plugin, tealdeer, wasmtime, linkerd2, kdash, komodo, bootc, qdrant, topgrade, nushell, pgcat, yazi, jujutsu, cargo-audit, asciinema, fnm, wadm, sentry-cli,...

7.5CVSS5.9AI score0.00559EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/04 1:27 p.m.6 views

GHSA-434X-W66G-QW3R vulnerabilities

Vulnerabilities for packages: linkerd-await, wasmcloud, linkerd-network-validator, zizmor, linkerd-extension-init, py3-xet-core, linkerd2-cni-plugin, tealdeer, wasmtime, linkerd2, kdash, komodo, bootc, qdrant, topgrade, nushell, pgcat, yazi, jujutsu, cargo-audit, asciinema, fnm, wadm, sentry-cli,...

5.9AI score
Exploits0
Redos
Redos
added 2026/01/22 12:0 a.m.9 views

ROS-20260122-73-0001

Vulnerability in python-sentry-sdk due to lack of protection for proprietary data. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...

5.3CVSS5.6AI score0.00198EPSS
Exploits0
Redos
Redos
added 2026/01/22 12:0 a.m.9 views

ROS-20260122-73-0006

Vulnerability in python-sentry-sdk related to bypassing the authentication procedure by using an alternate path or channel. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...

7.5CVSS5.6AI score0.00672EPSS
Exploits0
Redos
Redos
added 2026/01/22 12:0 a.m.9 views

ROS-20260122-73-0004

Vulnerability in python-sentry-sdk related to a flaw in the error reporting mechanism. Exploitation of the vulnerability may allow a remote intruder to gain unauthorized access to protected information...

5.3CVSS5.6AI score0.00628EPSS
Exploits0
Veracode
Veracode
added 2026/01/13 8:0 a.m.7 views

Sensitive Information Disclosure

Sentry-Javascript is vulnerable to Sensitive Information Disclosure. The vulnerability is due to over-collection of sensitive HTTP headers when sendDefaultPii is enabled, where headers such as Cookie can be sent to and stored in Sentry traces, allowing users with access to the Sentry organization...

5CVSS6.8AI score0.00298EPSS
Exploits0References7Affected Software12
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.6 views

CVE-2021-31791

In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext password may be discovered after a failure or timeout of a command...

7.5CVSS7.2AI score0.00602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.11 views

CVE-2023-49094

Symbolicator is a symbolication service for native stacktraces and minidumps with symbol server support. An attacker could make Symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint. The response could be reflected to the attacker if the...

4.3CVSS7AI score0.00705EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.5 views

CVE-2023-4378

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the...

5.5CVSS6.8AI score0.00711EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.6 views

CVE-2021-22256

Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status...

5.5CVSS6.9AI score0.00729EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.13 views

CVE-2022-23485

Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...

6.4CVSS6.7AI score0.00423EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.27 views

CVE-2024-41656

Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 24.7.1, an unsanitized payload sent by an Integration platform integration allows storing arbitrary HTML tags on the Sentry side with the subsequent rendering them on the Issues page...

7.1CVSS6.6AI score0.00467EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/01/08 1:25 p.m.5 views

GHSA-RHFX-M35P-FF5J vulnerabilities

Vulnerabilities for packages: jujutsu, wasmcloud, vector, atuin, uutils, ztunnel, pgcat, pixi, ztunnel-fips, kdash, litmus, sentry-cli, yazi, nushell, mise...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.29 views

CVE-2019-25278 FaceSentry Access Control System 6.4.8 Authentication Credentials MiTM Disclosure

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication...

9.1CVSS0.00303EPSS
Exploits2References3
OSV
OSV
added 2025/12/24 8:15 p.m.5 views

CVE-2019-25243

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...

8.7CVSS6AI score0.02325EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.6 views

PT-2025-53328

Name of the Vulnerable Software and Affected Versions FaceSentry Access Control System version 6.4.8 Description The FaceSentry Access Control System is susceptible to a cross-site request forgery condition. This allows attackers to execute administrative actions without explicit user permission...

5.1CVSS6.5AI score0.002EPSS
Exploits2References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/12/23 8:40 a.m.7 views

Malicious code in chalk-sentry (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2025/12/23 8:40 a.m.2 views

MAL-2025-192901 Malicious code in chalk-sentry (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

6.8AI score
Exploits0
Rows per page
Query Builder