8107 matches found
Active Debug Code
Overview: putyourlightson/craft-sprig is a reactive Twig component framework for Craft. Affected versions of this package are vulnerable to Active Debug Code in the Sprig Playground component. An administrator can access sensitive information, such as security keys, credentials, and configurati...
CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
UBUNTU-CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
Rails Action Pack Cross-Site Scripting Vulnerability
Rails Action Pack is a web framework developed by the Rails team in the United States. It provides a routing mechanism mapping request URLs to actions, defines controllers for handling actions, and includes mechanisms for generating responses through rendering views templates in various formats...
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Impact: The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), whi...
PT-2026-27254
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
EUVD-2019-19952
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25605 EquityPandit 1.0 Insecure Logging Information Disclosure
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that exposes plaintext user credentials through Android Debug Bridge. Attackers could access developer console logs via adb logcat and extract passwords logged during the forgot password flow, compromising user account credentials. The i...
CVE-2019-25605
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
CVE-2019-25605 EquityPandit 1.0 Insecure Logging Information Disclosure
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
AWS VDP: Encryption context keys and values logged at INFO level
Component: cmd/server/main.go:101-106 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary The server startup code logs all encryption context key-value pairs at INFO level. Encryption context is metadata associated with KMS operations...
EquityPandit Security Vulnerability
EquityPandit is a service platform provided by EquityPandit Inc. that offers stock market analysis, investment advice, and market predictions. Version 1.0 of EquityPandit has a security vulnerability. This vulnerability stems from insecure logging practices, which could allow attackers to access...
PT-2026-26993
EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...
EUVD-2025-208905
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...
CVE-2025-15607
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...
CVE-2025-15607
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...
PT-2026-26630
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...