Exposure of Sentry
Issue trackers85
exposure score
555,799
sites use
0
exploited
6
critical
CVEs
25 resultsCVE-2026-10520CRITICALAn OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated userEPSS 98.9%CVE-2026-10523CRITICALAn Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthentEPSS 47.2%CVE-2023-41724CRITICALA command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the EPSS 12.8%CVE-2021-47935HIGHSentry 8.2.0 Remote Code Execution via Pickle DeserializationEPSS 0.9%CVE-2023-39349HIGHSentry vulnerable to privilege escalation via ApiTokensEndpointEPSS 0.8%CVE-2023-39338MEDIUMEnables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the senEPSS 0.8%CVE-2025-53099MEDIUMSentry Missing Invalidation of Authorization Codes During OAuth Exchange and RevocationEPSS 0.7%CVE-2024-53253MEDIUMSentry's improper error handling leaks Application Integration Client SecretEPSS 0.6%CVE-2026-42354CRITICALSentry: Improper authentication on SAML SSO process allows user identity linkingEPSS 0.6%CVE-2025-22146CRITICALImproper authentication on SAML SSO process allows user impersonation in sentryEPSS 0.6%CVE-2024-35196LOWSlack integration leaks sensitive information in logs in SentryEPSS 0.6%CVE-2023-36829MEDIUMSentry CORS misconfiguration vulnerabilityEPSS 0.5%CVE-2023-36826HIGHSentry vulnerable to improper authorization on debug and artifact file downloadsEPSS 0.5%CVE-2024-24829MEDIUMSSRF in Sentry via Phabricator integrationEPSS 0.5%CVE-2024-41656HIGHSentry vulnerable to stored Cross-Site Scripting (XSS)EPSS 0.4%CVE-2026-27197CRITICALSentry: Improper Authentication on SAML SSO process allows user identity linkingEPSS 0.4%CVE-2024-32474HIGHSentry's superuser cleartext password leaked in logsEPSS 0.4%CVE-2022-23485MEDIUMInvite code reuse via cookie manipulation in sentryEPSS 0.4%CVE-2024-45605MEDIUMImproper authorization on deletion of user issue alert notifications in sentryEPSS 0.4%CVE-2024-10276MEDIUMTelestream Sentry Reports Page page cross site scriptingEPSS 0.4%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →