95 matches found
EUVD-2024-22192
Malicious code in bioql PyPI...
EUVD-2023-0240
Malicious code in bioql PyPI...
EUVD-2023-0239
Malicious code in bioql PyPI...
EUVD-2024-2337
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-3060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate conten...
CVE-2025-54433
Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from untrusted eventid input without validation. A specially crafted eventid can result in paths outsi...
CVE-2024-24829
Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration maintained by Sentry with version =24.1.1 contains a constrained SSRF vulnerability. A...
CVE-2024-53253
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ...
CVE-2022-4365
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error...
CVE-2022-2244
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature...
CVE-2022-3060
Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests...
CVE-2024-32474
Sentry is an error tracking and performance monitoring platform. Prior to 24.4.1, when authenticating as a superuser to Sentry with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validate_superuser. An attacker with access to the log data could use...
CVE-2024-45605
Sentry vulnerability CVE-2024-45605: Improper authorization allows an authenticated user to delete user issue alert notifications for arbitrary users when they know an alert ID. The issue is mitigated by a patch that scopes authorization checks on delete requests; affected deployments need to upg...
CVE-2024-45605 Improper authorization on deletion of user issue alert notifications in sentry
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can delete the user issue alert notifications for arbitrary users given a known alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert...
CVE-2024-35196
Sentry is a developer-first error tracking and performance monitoring platform. Sentry's Slack integration incorrectly records the incoming request body in logs. This request data can contain sensitive information, including the deprecated Slack verification token. With this verification token, i...
GitLab 11.8 < 12.10.13 (CVE-2020-13336)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature. CVE-2020-13336 Note that Nessus has not...
CVE-2024-32474
Sentry vulnerability CVE-2024-32474: Before 24.4.1, authenticating as a superuser with a username and password leaks the password in logs under the event: auth-index.validate_superuser. An attacker with access to the log data could use these credentials to log in as superuser. Affected are...
BIT-GITLAB-2020-13336
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature...
BIT-GITLAB-2022-2244
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature...