Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8107 matches found

CVE
CVEadded 2026/03/25 10:26 a.m.4 views

CVE-2026-23303

The CVE-2026-23303 vulnerability affects the Linux kernel SMB client: when logging is enabled, cifs_set_cifscreds can emit plaintext credentials (username/password) to logs. The issue is fixed by removing the debug log, preventing credential exposure. The connected advisories confirm the flaw exi...

5.5CVSS5.6AI score0.00018EPSS
Exploits0References8Affected Software1
OSV
OSVadded 2026/03/25 10:26 a.m.0 views

CVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscreds

In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifssetcifscreds When debug logging is enabled, cifssetcifscreds logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing...

5.5CVSS5.7AI score0.00018EPSS
Exploits0References9
SUSE CVE
SUSE CVEadded 2026/03/25 12:26 a.m.2 views

SUSE CVE-2026-27900

The Terraform Provider for Linode versions prior to v3.9.0 logged sensitive information including some passwords, StackScript content, and object storage data in debug logs without redaction. Provider debug logging is not enabled by default. This issue is exposed when debug/provider logs are...

7.7CVSS6.1AI score0.00014EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/03/25 12:24 a.m.3 views

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00022EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/03/25 12:0 a.m.3 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the storage of plaintext credentials in debug log records, potentially leading to credential exposure...

5.5CVSS5.8AI score0.00018EPSS
Exploits0References7
OSV
OSVadded 2026/03/24 8:44 p.m.2 views

GHSA-X6G4-F6Q3-FQVV NATS credentials are exposed in monitoring port via command-line argv

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an optional monitoring port, which provides access to sensitive data. The nats-server can take certain configuratio...

7.4CVSS5.8AI score0.00016EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/03/24 8:44 p.m.7 views

NATS credentials are exposed in monitoring port via command-line argv

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server provides an optional monitoring port, which provides access to sensitive data. The nats-server can take certain configuratio...

7.4CVSS5.8AI score0.00016EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/24 11:17 a.m.1 views

CVE-2026-33167

A flaw was found in Action Pack, a component of the Rails framework. A remote attacker could exploit this vulnerability by crafting a malicious exception message. When this message is displayed on the debug exceptions page, the improper escaping of the message allows for the injection of arbitrar...

5.4CVSS6AI score0.00022EPSS
Exploits0References6
Snyk
Snykadded 2026/03/24 12:32 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in debug exceptions, which use ERB escaping. An attacker can execute JavaScript in the context of the affected application by triggering a malicious exception message that is rendered bypassing the intended...

6.1CVSS5.7AI score0.00022EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/03/24 12:0 a.m.4 views

PT-2026-27620

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server is a high-performance server for NATS.io, a cloud and edge native messaging system. If a nats-server is run with static credentials for all...

7.4CVSS5.9AI score0.00016EPSS
Exploits0References9
NVD
NVDadded 2026/03/23 11:17 p.m.0 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS0.00022EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/03/23 11:17 p.m.2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00022EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/23 10:58 p.m.2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/03/23 10:58 p.m.2 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00022EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/23 10:58 p.m.20 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS0.00022EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/03/23 10:58 p.m.2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.5AI score0.00022EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/03/23 10:58 p.m.0 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/03/23 8:45 p.m.5 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.4AI score0.00022EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/03/23 8:45 p.m.0 views

EUVD-2026-14614

Rails has a possible XSS vulnerability in its Action Pack debug exceptions...

5.3CVSS5.8AI score0.00022EPSS
Exploits0References3
OSV
OSVadded 2026/03/23 8:45 p.m.0 views

GHSA-PGM4-439C-5JP6 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References6
Rows per page
Query Builder