Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

178 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:14 p.m.8 views

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS6.4AI score0.01178EPSS
Exploits0References1
NVD
NVDadded 2026/05/14 7:16 p.m.10 views

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS0.01178EPSS
Exploits0References3
CVE
CVEadded 2026/05/14 6:35 p.m.26 views

CVE-2026-22599

Strapi Content-Type Builder contains a database-query injection in the write API for the 4.x and 5.x branches prior to 4.26.1 and 5.33.2. An authenticated administrator could pass arbitrary SQL via column.defaultTo (as [value, { isRaw: true }]) to Knex during schema migrations, enabling statement...

9.3CVSS6.5AI score0.01178EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/14 6:35 p.m.36 views

CVE-2026-22599 Strapi Vulnerable to SQL Injection in Content Type Builder

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS0.01178EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/14 6:35 p.m.6 views

EUVD-2026-30352

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS6.5AI score0.01178EPSS
Exploits0References3
Snyk
Snykadded 2026/05/13 8:2 p.m.5 views

SQL Injection

Overview @strapi/plugin-content-type-builder is a Strapi plugin to create content type Affected versions of this package are vulnerable to SQL Injection via the column.defaultTo attribute in the content type creation or modification. An attacker can execute arbitrary database statements by...

9.3CVSS6.7AI score0.01178EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

5.3CVSS6AI score0.00401EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/03/25 12:24 a.m.3 views

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00401EPSS
Exploits0References3
NVD
NVDadded 2026/03/23 11:17 p.m.4 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS0.00401EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/03/23 11:17 p.m.2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00401EPSS
Exploits0References4
OSV
OSVadded 2026/03/23 11:17 p.m.8 views

UBUNTU-CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/23 10:58 p.m.22 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS0.00401EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/03/23 10:58 p.m.2 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/23 10:58 p.m.1 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References3
CVE
CVEadded 2026/03/23 10:58 p.m.10 views

CVE-2026-33167

CVE-2026-33167 : Action Pack (Rails) contains an XSS vulnerability in the debug exceptions page for Rails 8.1.x branches before 8.1.2.1. When apps have detailed exception pages enabled (config.consider_all_requests_local = true, default in development), crafted exception messages could inject arb...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References3
OSV
OSVadded 2026/03/23 10:58 p.m.3 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00401EPSS
Exploits0References5
Debian CVE
Debian CVEadded 2026/03/23 10:58 p.m.3 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.5AI score0.00401EPSS
Exploits0
Github Security Blog
Github Security Blogadded 2026/03/23 8:45 p.m.9 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.4AI score0.00401EPSS
Exploits0References6Affected Software1
EUVD
EUVDadded 2026/03/23 8:25 p.m.2 views

EUVD-2026-14515

Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground...

5.5CVSS5.8AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.2 views

PT-2026-27254

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References8
Rows per page
Query Builder