Lucene search
K

9 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-533 Sentry: Improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...

9.1CVSS5.8AI score0.00435EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56223

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38737

Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...

9.3CVSS6AI score0.00244EPSS
Exploits0References2
NOZOMI
NOZOMI
added 2026/05/19 12:0 a.m.12 views

HTML injection in Credentials Manager in Guardian/CMC before 26.1.0

Summary A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. Impact An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delet...

5.9CVSS5.8AI score0.00194EPSS
Exploits0Affected Software2
Cvelist
Cvelist
added 2026/05/08 10:58 p.m.30 views

CVE-2026-42354 Sentry: Improper authentication on SAML SSO process allows user identity linking

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity...

9.1CVSS0.00623EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 10:58 p.m.11 views

CVE-2026-42354

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity...

9.1CVSS5.7AI score0.00623EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/30 8:44 p.m.7 views

Sentry's improper authentication on SAML SSO process allows user identity linking

Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the sa...

9.8CVSS5.7AI score0.00623EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/21 4:35 a.m.10 views

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

9.1CVSS5.7AI score0.00435EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/06 2:19 a.m.7 views

CVE-2025-22146

Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a...

9.1CVSS6.6AI score0.00584EPSS
Exploits0References1
Rows per page
Query Builder