CVE-2026-10270

A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpddebug.asp of the component API. The manipulation of the argument Time results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public...

CVE-2026-33167

A flaw was found in Action Pack, a component of the Rails framework. A remote attacker could exploit this vulnerability by crafting a malicious exception message. When this message is displayed on the debug exceptions page, the improper escaping of the message allows for the injection of arbitrar...

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVE-2026-0853

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVE-2026-0853

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVE-2026-0853 A-Plus Video Technologies｜NVR - Sensitive Data Exposure

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVE-2026-0853 A-Plus Video Technologies｜NVR - Sensitive Data Exposure

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

EUVD-2026-1953

Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...

CVE-2026-0853

CVE-2026-0853 affects certain NVR models from A-Plus Video Technologies. The underlying issue is a Sensitive Data Exposure that can be exploited by unauthenticated remote attackers to access the device’s debug page and retrieve device status information. Impact is described as exposure of status ...

PT-2026-2043

Name of the Vulnerable Software and Affected Versions A-Plus Video Technologies NVR models affected versions not specified Description A security issue exists in certain NVR models developed by A-Plus Video Technologies that allows unauthenticated remote attackers to access the debug page...

Sitecore Debug Page Detected

Sitecore is a popular web content management system WCMS used for building and managing websites. When the debug page is accessible, it can expose sensitive information about the application's configuration, environment, and code structure. This information can be exploited by attackers to identi...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not splitting pages when enabling debug page allocation, which could cause the kernel to crash...

Metasoft MetaCRM 授权问题漏洞

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. An authorization issue vulnerability exists in Metasoft MetaCRM 6.4.2 and earlier versions, which stems from improper authentication due to mishandling of the file /debug.jsp...

CVE-2025-34081

The Contec Co.,Ltd. CONPROSYS HMI System CHS exposes a PHP phpinfo debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System CHS: before 3.7.7...

CVE-2025-34081 CONPROSYS HMI System (CHS) < 3.7.7 Exposed PHP Debug Info

The Contec Co.,Ltd. CONPROSYS HMI System CHS exposes a PHP phpinfo debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System CHS: before 3.7.7...

UBUNTU-CVE-2023-39515

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...

SUSE CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites

An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...