59 matches found

Snyk
added 2026/03/24 12:32 a.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in debug exceptions, which use ERB escaping. An attacker can execute JavaScript in the context of the affected application by triggering a malicious exception message that is rendered bypassing the intended...

CVSS 6.1 | AI score 5.7 | EPSS 0.00022
Exploits: 0 | References: 2
OSV
added 2026/03/23 10:58 p.m. | 2 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVSS 5.3 | AI score 6 | EPSS 0.00022
Exploits: 0 | References: 5
Cvelist
added 2026/03/23 10:58 p.m. | 20 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVSS 5.3 | EPSS 0.00022
Exploits: 0 | References: 3
Vulnrichment
added 2026/03/23 10:58 p.m. | 0 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 3
Github Security Blog
added 2026/03/23 8:45 p.m. | 4 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact: The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (config.consider_all_requests_local = true), whi...

CVSS 5.3 | AI score 5.4 | EPSS 0.00022
Exploits: 0 | References: 6 | Affected Software: 1
EUVD
added 2026/03/23 8:45 p.m. | 0 views

EUVD-2026-14614

Rails has a possible XSS vulnerability in its Action Pack debug exceptions...

CVSS 5.3 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 3
OSV
added 2026/03/23 8:45 p.m. | 0 views

GHSA-PGM4-439C-5JP6 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact: The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (config.consider_all_requests_local = true), whi...

CVSS 5.3 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 6
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001195)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001195 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all...

CVSS 7.8 | AI score 6.7 | EPSS 0.24723
Exploits: 9 | References: 51
Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003536 advisory. A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all...

CVSS 7.8 | AI score 6.7 | EPSS 0.24723
Exploits: 9 | References: 51
Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002130)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002130 advisory. The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by...

CVSS 10 | AI score 6.3 | EPSS 0.00327
Exploits: 0 | References: 46
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-16569

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00457
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2015-7996

Malware in sbrugna...

CVSS 10 | AI score 6.2 | EPSS 0.00327
Exploits: 0 | References: 59
NVD
added 2025/05/01 3:16 p.m. | 5 views

CVE-2022-49888

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion. The cortex_a76_erratum_1463225_debug_handler function is called when handling debug exceptions and synchronous exceptions from BRK instructions, and so is called when a probed function executes. If...

CVSS 7.8 | EPSS 0.00041
Exploits: 0 | References: 3
OSV
added 2025/05/01 2:10 p.m. | 5 views

CVE-2022-49888 arm64: entry: avoid kprobe recursion

In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion. The cortex_a76_erratum_1463225_debug_handler function is called when handling debug exceptions and synchronous exceptions from BRK instructions, and so is called when a probed function executes. If...

CVSS 7.8 | AI score 6.3 | EPSS 0.00041
Exploits: 0 | References: 6
Tenable Nessus
added 2024/10/01 12:0 a.m. | 10 views

Synology DiskStation Manager Debian Linux Race Condition (CVE-2018-8897)

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated ...

CVSS 7.8 | AI score 6.6 | EPSS 0.24723
Exploits: 9 | References: 49
SUSE CVE
added 2024/01/13 2:48 a.m. | 3 views

SUSE CVE-2023-20573

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...

CVSS 3.2 | AI score 4.5 | EPSS 0.00081
Exploits: 0 | References: 3
RedhatCVE
added 2024/01/11 6:30 p.m. | 33 views

CVE-2023-20573

A flaw was found in AMD hardware using the Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) feature. This issue may allow a privileged attacker to prevent the delivery of debug exceptions to SEV-SNP guests, potentially resulting in guests not receiving expected debug information...

CVSS 3.2 | AI score 3.7 | EPSS 0.00081
Exploits: 0 | References: 4
NVD
added 2024/01/11 2:15 p.m. | 13 views

CVE-2023-20573

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...

CVSS 3.2 | AI score 3.9 | EPSS 0.00081
Exploits: 0 | References: 1
Prion
added 2024/01/11 2:15 p.m. | 20 views

Information disclosure

A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information...

CVSS 1.4 | AI score 7 | EPSS 0.00081
Exploits: 0 | References: 1
CVE
added 2024/01/11 1:53 p.m. | 85 views

CVE-2023-20573

CVE-2023-20573 describes a defect in AMD SEV-SNP on 3rd/4th Gen EPYC processors where a privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests, potentially causing guests to miss expected debug information. The issue is local to privileged attackers and affects the deliver...

CVSS 3.2 | AI score 4 | EPSS 0.00081
Exploits: 0 | References: 1 | Affected Software: 1