Overview

  • getsentry
  • sentry

Published: 08 May 2026
Updated: 08 May 2026

CVSS v3.1: CRITICAL (9.1)
EPSS: Pending

KEV

Description

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. This issue has been patched in version 26.4.1.

Statistics

  • 1 Post

Last activity: Last hour

Fediverse

🚨 CRITICAL: Sentry SAML SSO auth bypass (CVE-2026-42354) affects 21.12.0 - 26.4.0. Attackers w/ malicious SAML IdP & another org can fully compromise user accounts. Upgrade to 26.4.1 ASAP! radar.offseq.com/threat/cve-20

  • Last hour

Overview

  • SGLang
  • SGLang

Published: 20 Apr 2026
Updated: 29 Apr 2026

CVSS: Pending
EPSS: 0.32%

KEV

Description

SGLang's reranking endpoint (/v1/rerank) allows Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, because the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment().

Statistics

  • 1 Post

Last activity: 23 hours ago

Bluesky

⚠️ Technical Manual: Fixing CVE-2026-5760 in the SGLang AI Framework www.newstecnicas.com/2026/04/manu...
  • 23h ago

Overview

  • Google
  • Chrome

Published: 28 Apr 2026
Updated: 01 May 2026

CVSS: Pending
EPSS: 0.09%

KEV

Description

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 13 hours ago

Bluesky

[Vulnerability information] CVE-2026-7335: About a vulnerability in Google's Chrome. In versions of Google Chrome prior to 147.0.7727.138, a use-after-free vulnerability exists in media.
  • 13h ago

Overview

  • DIVD
  • VerySecureApp

Published: 07 May 2026
Updated: 08 May 2026

CVSS v4.0: CRITICAL (9.3)
EPSS: 0.04%

KEV

Description

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. Anonymous users are required to make a Mendix Entity available publicly. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an Anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

🚨 CVE-2026-7891 (CRITICAL): Insecure inherited permissions in DIVD VerySecureApp let anonymous users read all records. Built with Mendix Studio Pro 11.8.0 Beta — patch pending. Review anonymous access configs ASAP! radar.offseq.com/threat/cve-20

  • 22h ago

Overview

  • mesa3d
  • Mesa

Published: 12 Apr 2026
Updated: 13 Apr 2026

CVSS v3.1: HIGH (8.1)
EPSS: 0.05%

KEV

Description

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

Statistics

  • 1 Post

Last activity: 9 hours ago

Bluesky

CVE-2026-40393 isn't going anywhere. Check your #openSUSE Mesa version, run this 1‑minute script, and lock down WebGPU for good. Read more -> tinyurl.com/5n6hwtww #Security
  • 9h ago

Overview

  • axios
  • axios

Published: 24 Apr 2026
Updated: 27 Apr 2026

CVSS v3.1: MEDIUM (5.3)
EPSS: 0.06%

KEV

Description

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.1, the FormDataPart constructor in lib/helpers/formDataToStream.js interpolates value.type directly into the Content-Type header of each multipart part without sanitizing CRLF (\r\n) sequences. An attacker who controls the .type property of a Blob/File-like object (e.g., via a user-uploaded file in a Node.js proxy service) can inject arbitrary MIME part headers into the multipart form-data body. This bypasses Node.js v18+ built-in header protections because the injection targets the multipart body structure, not HTTP request headers. This vulnerability is fixed in 1.15.1.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

🚨 New MEDIUM CVE detected in AWS Lambda 🚨 CVE-2026-42037 impacts axios in 3 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/505 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 12h ago

Overview

  • Go standard library
  • net/mail
  • net/mail

Published: 07 May 2026
Updated: 08 May 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-42499 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/503 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 12h ago

Overview

  • Go standard library
  • html/template
  • html/template

Published: 07 May 2026
Updated: 08 May 2026

CVSS: Pending
EPSS: 0.01%

KEV

Description

If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-39826 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/501 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 12h ago

Overview

  • Akamai
  • Guardicore Platform Agent

Published: 08 May 2026
Updated: 08 May 2026

CVSS v3.1: HIGH (7.4)
EPSS: Pending

KEV

Description

Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the HandleSaveLogs() function of the GPA service, by creating a log file and manipulating it into a symlink that points to the targeted path; this can allow an unprivileged local user to make arbitrary root-owned files world-writable. In addition, a diagnostic collection tool (gimmelogs) running with root privileges was vulnerable to command injection from the dbstore, offering a second privilege escalation vector. (On Windows, gimmelogs does not have command injection but does allow writing a ZIP archive to an unintended location.) This affects Akamai Guardicore Platform Agent 7.0 through 7.3.1 and Akamai Zero Trust Client 6.0 through 6.1.5.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

~Akamai~ Akamai patched a local privilege escalation flaw in Guardicore Platform Agent for macOS/Linux. - IOCs: CVE-2026-34354 - #CVE202634354 #Guardicore #ThreatIntel
  • 8h ago

Overview

  • Go standard library
  • net/mail
  • net/mail

Published: 07 May 2026
Updated: 08 May 2026

CVSS: Pending
EPSS: 0.02%

KEV

Description

Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

🚨 New UNKNOWN CVE detected in AWS Lambda 🚨 CVE-2026-39820 impacts stdlib in 26 Lambda base images. Details: https://github.com/aws/aws-lambda-base-images/issues/498 More: https://lambdawatchdog.com/ #AWS #Lambda #CVE #CloudSecurity #Serverless
  • 12h ago