Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

177 matches found

NVD
NVDadded 2026/05/14 7:16 p.m.4 views

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS0.00128EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/14 6:35 p.m.28 views

CVE-2026-22599 Strapi Vulnerable to SQL Injection in Content Type Builder

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS0.00128EPSS
Exploits0References3
CVE
CVEadded 2026/05/14 6:35 p.m.7 views

CVE-2026-22599

Strapi Content-Type Builder contains a database-query injection in the write API for the 4.x and 5.x branches prior to 4.26.1 and 5.33.2. An authenticated administrator could pass arbitrary SQL via column.defaultTo (as [value, { isRaw: true }]) to Knex during schema migrations, enabling statement...

9.3CVSS6.5AI score0.00128EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/05/14 6:35 p.m.3 views

EUVD-2026-30352

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS6.5AI score0.00128EPSS
Exploits0References3
Snyk
Snykadded 2026/05/13 8:2 p.m.3 views

SQL Injection

Overview @strapi/plugin-content-type-builder is a Strapi plugin to create content type Affected versions of this package are vulnerable to SQL Injection via the column.defaultTo attribute in the content type creation or modification. An attacker can execute arbitrary database statements by...

9.3CVSS6.7AI score0.00128EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/03/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

5.3CVSS6AI score0.00022EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/03/25 12:24 a.m.3 views

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00022EPSS
Exploits0References3
NVD
NVDadded 2026/03/23 11:17 p.m.0 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS0.00022EPSS
Exploits0References3
OSV
OSVadded 2026/03/23 11:17 p.m.2 views

UBUNTU-CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References5
UbuntuCve
UbuntuCveadded 2026/03/23 11:17 p.m.1 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00022EPSS
Exploits0References4
OSV
OSVadded 2026/03/23 10:58 p.m.2 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00022EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/23 10:58 p.m.2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2026/03/23 10:58 p.m.20 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS0.00022EPSS
Exploits0References3
CVE
CVEadded 2026/03/23 10:58 p.m.6 views

CVE-2026-33167

CVE-2026-33167 is related to a Rails XSS in Action Pack debug exceptions. Affected component: Rails Action Pack debug exceptions page when detailed exception pages are enabled (config.consider_all_requests_local = true). Root cause: exception messages are not properly escaped, allowing injection ...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/03/23 10:58 p.m.2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.5AI score0.00022EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/03/23 10:58 p.m.0 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/03/23 8:45 p.m.4 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.4AI score0.00022EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/03/23 8:25 p.m.1 views

EUVD-2026-14515

Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground...

5.5CVSS5.8AI score0.00042EPSS
Exploits0References3
RubySec
RubySecadded 2026/03/23 12:0 a.m.7 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.0 views

PT-2026-27254

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00022EPSS
Exploits0References8
Rows per page
Query Builder