CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Debian CVE•added 2026/03/23 10:58 p.m.•2 views

CVE-2026-33167

5.3CVSS5.5AI score0.00022EPSS

CVE•added 2026/03/23 10:58 p.m.•9 views

CVE-2026-33167

CVE-2026-33167 is related to a Rails XSS in Action Pack debug exceptions. Affected component: Rails Action Pack debug exceptions page when detailed exception pages are enabled (config.consider_all_requests_local = true). Root cause: exception messages are not properly escaped, allowing injection ...

Vulnrichment•added 2026/03/23 10:58 p.m.•0 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Github Security Blog•added 2026/03/23 8:45 p.m.•5 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.4AI score0.00022EPSS

Exploits0References6Affected Software1

OSV•added 2026/03/23 8:45 p.m.•0 views

GHSA-PGM4-439C-5JP6 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

EUVD•added 2026/03/23 8:25 p.m.•1 views

Exploits0References6

EUVD-2026-14515

Sprig Plugin for Craft CMS potentially discloses sensitive information via Sprig Playground...

5.5CVSS5.8AI score0.00042EPSS

Packet Storm News•added 2026/03/23 12:0 a.m.•3 views

CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training

Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...

RubySec•added 2026/03/23 12:0 a.m.•9 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Exploits0References1Affected Software1

Positive Technologies•added 2026/03/23 12:0 a.m.•1 views

PT-2026-27254

OSSF Malicious Packages•added 2026/03/22 6:19 p.m.•4 views

Exploits0References8

Malicious code in @emilgroup/auth-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ccb489120e1ad55e75b6bacdf15a54015c9de9959ea853cd391dc4dd66948001 The package @emilgroup/auth-sdk-node was found to contain malicious code. Source: ghsa-malware...

CVE•added 2026/03/20 10:48 p.m.•4 views

Exploits0References4

CVE-2026-21732

The CVE-2026-21732 issue affects the GPU shader compiler library (WebGPU shader compilation path) where loading unusual shader code can trigger an out-of-bounds write, causing a crash. An edge case with very large switch values can cause a segmentation fault via OOB access during conversion in th...

9.6CVSS5.9AI score0.00071EPSS

Exploits0References1Affected Software1

Snyk•added 2026/03/20 10:0 p.m.•3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score

Exploits0References2

Chainguard•added 2026/03/20 1:17 a.m.•4 views

GHSA-WGVC-GHV9-3PMM vulnerabilities

Vulnerabilities for packages: apache-beam-python-3.12-sdk...

Fedora•added 2026/03/20 1:3 a.m.•3 views

[SECURITY] Fedora 43 Update: dotnet10.0-10.0.104-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.5CVSS5.7AI score0.03634EPSS

RedhatCVE•added 2026/03/18 8:54 p.m.•6 views

CVE-2026-27977

A CSRF check bypass flaw has been discovered in Next.js. In the next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing privacy-sensitive/opaque contexts for example sandboxed documents to connect...

5.4CVSS5.4AI score0.00006EPSS

Exploits1References6

Microsoft Secure•added 2026/03/18 4:0 p.m.•6 views

Observability for AI Systems: Strengthening visibility for proactive risk detection

Adoption of Generative AI GenAI and agentic AI has accelerated from experimentation into real enterprise deployments. What began with copilots and chat interfaces has quickly evolved into powerful business systems that autonomously interact with sensitive data, call external APIs, connect to...

5.9AI score

GithubExploit•added 2026/03/18 12:32 p.m.•92 views

CVE-Exploit-Research-Development

Objective To research, replicate, and develop a working expl...