EUVD-2021-34796

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

PYSEC-2026-131

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

PYSEC-2026-131

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVE-2021-47935

CVE-2021-47935 affects Sentry 8.2.0 and describes a remote code execution via pickle deserialization. The root cause is deserialization of malicious pickle-serialized objects injected into the audit log entry data parameter. An authenticated superuser can submit crafted POST requests to the admin...

CVE-2021-47935 Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVE-2021-47935 Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

Sentry 代码注入漏洞

Sentry is an open-source error tracking and performance monitoring platform for developers. Version Sentry 8.2.0 contains a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated superusers to execute arbitrary commands by injecting...

PT-2026-39510

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

CVE-2026-39842

OpenRemote (IoT platform)

CVE-2026-35175 Ajenti has an authorization bypass during custom package installation

Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. This vulnerability is fixed in 2.2.15...

CVE-2026-35175

Ajenti (Linux/BSD modular server admin panel) contains an authorization bypass vulnerability (CVE-2026-35175) where an authenticated user using the auth_users method could install a custom package even without superuser privileges. Red Hat/NVD entries confirm the issue and that it is fixed in ver...

Ajenti has an authorization bypass during custom package installation

Impact An authenticated user using the authusers plugin authentication method could install a custom package even if this user is not superuser. Patches This is fixed in the version 2.2.15. Users should upgrade to this version as soon as possible...

postgresql:15 security update

An update is available for pgrepack, module.pgaudit, postgres-decoderbufs, module.pgrepack, module.postgres-decoderbufs, pgaudit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...

EUVD-2021-12861

Malware in sbrugna...

Missing Authorization

snipe/snipe-it is vulnerable to Missing Authorization. The vulnerability is due to the lack of authorization checks in the API endpoint, allowing users with "User" and "Self" permissions to modify group memberships without verifying if they are superusers...

SUSE CVE-2019-9193

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pgexecuteserverprogram' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary...

Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management

Traditional perimeter-based security has become costly and ineffective. As a result, communications security between people, systems, and networks is more important than blocking access with firewalls. On top of that, most cybersecurity risks are caused by just a few superusers – typically one ou...