erb: ERB: Arbitrary code execution via deserialization bypass
A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...
avalon-filter-rce
Title: Prototype Escape and Remote Code Execution in RubyLouv...
ruby security update
3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244...
Oracle Linux 10 : ruby (ELSA-2026-18065)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18065 advisory. 3.3.10-12 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171244 Tenable has extracted the preceding descripti...
Important: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
ALSA-2026:18030 Important: ruby:3.3 security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
RockyLinux 9 : ruby:3.3 (RLSA-2026:18030)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18030 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the RockyLinux...
ALSA-2026:18065 Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
RHEL 9 : ruby:3.3 (RHSA-2026:18030)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18030 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
RHEL 10 : ruby (RHSA-2026:18065)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18065 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management...
ALSA-2026:18039 Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351
`JWT.decode(token, '', true, algorithm: 'HS256')` accepts an attacker-forged token. `OpenSSL::HMAC.digest('SHA256', '', payload)` returns a valid digest under an empty key, and no `raise InvalidKeyError if key.empty?` precondition exists in the HMAC algorithm. `JWT.decode(token, "", true, algorithm: 'HS256')` ...
RHEL 9 : ruby (RHSA-2026:18039)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18039 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...
Important: ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...
Amazon Linux 2023 : ruby3.4, ruby3.4-bundled-gems, ruby3.4-default-gems (ALAS2023-2026-1690)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1690 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an @init instance variable guard in ERB#result and ERB#run to prevent code execution when an ERB...
CVE-2026-42245
A flaw was found in Net::IMAP, a Ruby library implementing Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...
OESA-2026-2285 rubygem-yard security update
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
Important: ruby3.4
Issue Overview: ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an @init instance variable guard in ERB#result and ERB#run to prevent code execution when an ERB object is reconstructed via Marshal.load deserialization. However, three other...
CVE-2026-44312
css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...