Account-Takeover

vulnerabilities 2026-05-09
Sentry CVE-2026-42354: Incomplete Fix Reopens SAML SSO Account Takeover
Sentry self-hosted is vulnerable again to cross-organization SAML account takeover, three months after CVE-2026-27197 was supposedly patched. Upgrade to 26.4.1.
sentry saml sso cve-2026-42354 incomplete-fix account-takeover authentication-bypass
vulnerabilities 2026-04-06
Ubiquiti UniFi Network Application Hit With CVSS 10 Path Traversal — Unauthenticated Account Takeover Possible
CVE-2026-22557 is a maximum-severity path traversal in Ubiquiti UniFi Network Application that enables unauthenticated full account takeover. Chain it with CVE-2026-22558 for admin escalation. Patch to 10.1.89 immediately.
ubiquiti unifi cve-2026-22557 cve-2026-22558 path-traversal nosql-injection network-infrastructure account-takeover

Sentry CVE-2026-42354: Incomplete Fix Reopens SAML SSO Account Takeover