9261 matches found
CVE-2026-33167
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (config.consider_all_requests_local = true), whi...
EUVD-2026-14614
Rails has a possible XSS vulnerability in its Action Pack debug exceptions...
GHSA-PGM4-439C-5JP6 Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (config.consider_all_requests_local = true), whi...
WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in the WordPress plugin Element Pack Elementor Addons, versions <= 8.4.2...
SUSE-SU-2026:0970-1 Security update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.275 fixes various security issues. The following security issues were fixed: - CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage (bsc#1250785). - CVE-2022-50697: mrp: introduce active flags to prevent UAF when...
Rails Action Pack cross-site scripting vulnerability
Rails Action Pack is a web framework component developed by the Rails team in the United States. It provides a routing mechanism that maps request URLs to actions, defines controllers for handling those actions, and includes mechanisms for generating responses by rendering view templates in various formats...
PT-2026-27254
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...
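The Rails entries above all describe one defect: the Action Pack debug exceptions page wrote the exception message into its HTML without escaping it, so any request-controlled text that lands in a message (an id interpolated into a "Couldn't find" error, for instance) becomes live markup. The Ruby snippet below is an added illustration for this listing, not code from Rails or from the advisory. It reproduces the bug class with the standard-library ERB, which unlike ActionView templates does not escape `<%= %>` output, and shows the escaped rendering beside it. The LookupError class, the controller name in the heading and the payload are constructed for the example.

```ruby
require "erb"

# Constructed example: an exception whose message carries request-controlled
# text. LookupError and PAYLOAD are hypothetical, built for this illustration.
class LookupError < StandardError; end

PAYLOAD = %(<img src=x onerror="alert(document.cookie)">).freeze

# Mimics a lookup that interpolates a request parameter into its error text
# and returns the resulting exception object.
def lookup_failure(param)
  raise LookupError, "Couldn't find Widget with id=#{param}"
rescue LookupError => e
  e
end

# Stdlib ERB writes <%= %> output verbatim (Rails views only escape because
# ActionView's template handler adds it), so interpolating the message here
# reproduces the unescaped debug page the advisory describes.
VULNERABLE_TEMPLATE = <<~ERB.freeze
  <h1><%= exception.class %> in WidgetsController#show</h1>
  <pre class="exception-message"><%= exception.message %></pre>
ERB

# Fixed form: the message passes through ERB::Util.html_escape before it is
# written into the page, so markup inside it becomes inert text.
FIXED_TEMPLATE = <<~ERB.freeze
  <h1><%= exception.class %> in WidgetsController#show</h1>
  <pre class="exception-message"><%= ERB::Util.html_escape(exception.message) %></pre>
ERB

# Renders a template with the exception bound as a local.
def render_debug_page(template, exception)
  ERB.new(template).result_with_hash(exception: exception)
end

# True when the raw message (markup included) reaches the page unchanged,
# i.e. when an attacker-controlled tag would be parsed by the browser.
def message_injected?(html, message)
  html.include?(message)
end

if __FILE__ == $PROGRAM_NAME
  err = lookup_failure(PAYLOAD)
  puts "--- vulnerable ---", render_debug_page(VULNERABLE_TEMPLATE, err)
  puts "--- fixed ---", render_debug_page(FIXED_TEMPLATE, err)
end
```

The vulnerable rendering emits the `<img ... onerror=...>` tag as-is; the fixed one emits `&lt;img src=x onerror=&quot;alert(document.cookie)&quot;&gt;`. For an application the remediation is the 8.1.2.1 upgrade named in the advisory; the page is only reachable when the request is treated as local, so keeping `config.consider_all_requests_local` false outside development limits exposure in the meantime.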
Security Bulletin: IBM WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)
Summary: IBM WebSphere Application Server could provide weaker than expected security when using the Security Utility to encode a secret. Vulnerability Details: CVEID: CVE-2025-14923. DESCRIPTION: IBM WebSphere Application Server Liberty could provide weaker than expected security when using the...
SUSE: Security Advisory (SUSE-SU-2026:0909-1)
The remote host is missing an update. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
GHSA-H9Q6-HC68-35RP Denial of service in github.com/shamaton/msgpack
The msgpack decoder fails to properly validate the input buffer length when processing truncated fixext data (format codes 0xd4-0xd8). This can lead to an out-of-bounds read and a runtime panic, allowing a denial of service attack...
org.bedework.deploy:bw-wf-feature-pack (>=4.1.0 <=5.0.0), org.bedework.deploy:bw-wf-keycloak-saml-filter-feature-pack (>=4.0.3 <=5.0.0) +39 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-adapter-core (>=10.0.0 <=26.5.3)
org.keycloak:keycloak-saml-adapter-core MAVEN versions >=10.0.0, >=4.1.0, >=4.0.3, >=21.1.0, >=10.0.0, >=10.0.0, >=11.0.0, >=21.1.0, >=1.6.0.Final, >=1.6.0.Final, >=1.6.0.Final, >=1.6.0.Final, >=1.6.0.Final, >=1.6.0.Final, >=10.0.0, >=10.0.0, >=18.0.2 and more. Source CVEs: CVE-2026-2575. Source advisory:...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM OpenPages is vulnerable to multiple vulnerabilities
Summary IBM WebSphere Application Server Liberty is shipped as a supporting program of IBM OpenPages. Information about multiple vulnerabilities affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. These products have addressed the applicable CVEs. For a...
CVE-2026-2454
Mattermost exposes a DoS vulnerability in the Calls plugin via malformed msgpack frames over WebSocket. Affected versions: 11.3.x ≤ 11.3.0, 11.2.x ≤ 11.2.2, 10.11.x ≤ 10.11.10. Root cause: incorrect handling of reported array lengths, enabling a malicious user to trigger OOM and crash the server....
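The two msgpack entries above (GHSA-H9Q6-HC68-35RP and CVE-2026-2454) are the same class of defect seen from two sides: the decoder trusts a length that the type code or header announces without checking it against the bytes actually present. A fixext code such as 0xd8 at the end of a buffer promises 17 more bytes that are not there, and an array32 header can claim billions of elements for a frame a few bytes long. The minimal MessagePack reader below is an added example for this listing, written in Ruby to match the rest of the page; it is not code from shamaton/msgpack or from Mattermost. It applies the two checks those fixes call for: every fixext read is bounds-checked against the remaining input, and an array count larger than the remaining byte count (each element needs at least one byte) is rejected before anything is allocated. The error classes, the MAX_ARRAY_LEN cap and the sample frames are this example's own constructions.

```ruby
# Minimal MessagePack reader that refuses truncated fixext values and array
# headers whose declared element count cannot fit in the remaining input.
# Added example for this listing; the error classes, MAX_ARRAY_LEN and the
# sample frames below are this example's own choices, not any library's.

class TruncatedInput < StandardError; end
class OversizedContainer < StandardError; end

# fixext 1/2/4/8/16: one type byte followed by exactly this many data bytes.
FIXEXT_SIZES = { 0xd4 => 1, 0xd5 => 2, 0xd6 => 4, 0xd7 => 8, 0xd8 => 16 }.freeze

# Hard ceiling on one array (assumed policy for this example). The
# remaining-bytes check is what defeats the OOM; this bounds legitimate use.
MAX_ARRAY_LEN = 1 << 20

def ensure_available(buf, pos, n)
  have = buf.bytesize - pos
  return if have >= n
  raise TruncatedInput, "need #{n} byte(s) at offset #{pos}, have #{have}"
end

# Reads a fixext value at pos. The format code alone decides how many bytes
# follow, so it is checked against the buffer before any of them are touched.
def read_fixext(buf, pos)
  size = FIXEXT_SIZES.fetch(buf.getbyte(pos))
  ensure_available(buf, pos + 1, 1 + size)          # type byte + data bytes
  type = buf.getbyte(pos + 1)
  [{ ext_type: type, data: buf.byteslice(pos + 2, size) }, pos + 2 + size]
end

# Reads an array header and validates the declared count before the caller
# allocates anything for it.
def read_array_header(buf, pos)
  code = buf.getbyte(pos)
  case code
  when 0x90..0x9f then len, hdr = code & 0x0f, 1                 # fixarray
  when 0xdc                                                       # array 16
    ensure_available(buf, pos + 1, 2)
    len, hdr = buf.byteslice(pos + 1, 2).unpack1("n"), 3
  when 0xdd                                                       # array 32
    ensure_available(buf, pos + 1, 4)
    len, hdr = buf.byteslice(pos + 1, 4).unpack1("N"), 5
  else raise ArgumentError, format("not an array header: 0x%02x", code)
  end
  # Every element occupies at least one byte, so a count above the bytes left
  # can never be satisfied: reject it instead of preallocating for it.
  remaining = buf.bytesize - pos - hdr
  if len > remaining || len > MAX_ARRAY_LEN
    raise OversizedContainer, "array claims #{len} elements, #{remaining} bytes remain"
  end
  [len, pos + hdr]
end

# Decodes the subset needed here (fixint, nil, bool, fixstr, arrays, fixext)
# and returns [value, next_pos].
def decode(buf, pos = 0)
  ensure_available(buf, pos, 1)
  code = buf.getbyte(pos)
  case code
  when 0x00..0x7f then [code, pos + 1]
  when 0xc0 then [nil, pos + 1]
  when 0xc2 then [false, pos + 1]
  when 0xc3 then [true, pos + 1]
  when 0xa0..0xbf                                                 # fixstr
    len = code & 0x1f
    ensure_available(buf, pos + 1, len)
    [buf.byteslice(pos + 1, len).force_encoding("UTF-8"), pos + 1 + len]
  when 0x90..0x9f, 0xdc, 0xdd
    len, pos = read_array_header(buf, pos)
    items = []
    len.times { value, pos = decode(buf, pos); items << value }
    [items, pos]
  when 0xd4..0xd8
    read_fixext(buf, pos)
  else
    raise ArgumentError, format("unsupported type code 0x%02x", code)
  end
end

# Wraps decode so a hostile frame yields a result instead of a crash.
def decode_or_error(buf)
  value, = decode(buf)
  { ok: true, value: value }
rescue TruncatedInput, OversizedContainer, ArgumentError => e
  { ok: false, error: e.class.name }
end

# Constructed frames: one well-formed, three hostile.
GOOD_FRAME    = "\x93\x01\xa2hi\xd4\x05\x2a".b.freeze   # [1, "hi", ext(5, "*")]
TRUNC_FIXEXT  = "\xd8\x01".b.freeze                     # fixext16 with no data
TRUNC_ARRAY16 = "\xdc\x00".b.freeze                     # array16 header cut short
HUGE_ARRAY32  = "\xdd\xff\xff\xff\xff".b.freeze         # claims 2^32-1 elements

if __FILE__ == $PROGRAM_NAME
  [GOOD_FRAME, TRUNC_FIXEXT, TRUNC_ARRAY16, HUGE_ARRAY32].each do |frame|
    puts "#{frame.unpack1('H*')}: #{decode_or_error(frame).inspect}"
  end
end
```

The order of the array check matters: the comparison against the remaining byte count happens before `items` is built, so a frame claiming 2^32-1 elements costs a header read and an exception rather than a multi-gigabyte allocation.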
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...
USN-8088-1 golang-github-go-git-go-git vulnerabilities
Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this issue to cause a denial of service. CVE-2023-49568, CVE-2025-21614 Ionut Lalu discovered that go-git incorrectly handled file system paths when using the...
Description of the security update for SharePoint Server 2016 Language Pack: March 10, 2026 (KB5002851)
Description of the security update for SharePoint Server 2016 Language Pack: March 10, 2026 (KB5002851). Summary. Important: If you're running Microsoft SharePoint Server 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this...