5 matches found
Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking
A vulnerability was reported in Revive Adserver version 6.0.7 and earlier that allowed a low-privileged user to link their trackers to campaigns owned by other managers on the same instance. This was due to a lack of proper ownership validation in the tracker-campaigns.php script, which handled t...
CVE-2026-42354
Summary of technical details : Sentry versions 21.12.0 through 26.4.0 contain a critical flaw in the SAML SSO implementation that lets an attacker take over a user account by using a malicious Identity Provider and another organization within the same Sentry instance. The attacker must know the v...
Sentry 授权问题漏洞
Sentry is a developer-oriented bug tracking and performance monitoring platform from Sentry Open Source. An authorization issue vulnerability exists in versions of Sentry prior to 25.1.0 that stems from allowing an attacker to take over any user account by using a malicious SAML identity provider...
SUSE CVE-2018-10847
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of...
DEBIAN-CVE-2018-10847
prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of...