13973 matches found

CNNVD
added 2026/05/09 12:0 a.m. | 6 views

Net::IMAP Command Injection Vulnerability

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 had command injection vulnerabilities. These vulnerabilities stemmed from the symbolic parameters of commands, which were vulnerable to CRLF...

9.8 CVSS | 5.8 AI score | 0.00092 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2026/05/09 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-016801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016801 advisory. ERB is a templating system for Ruby. Ruby 2.7.0 before ERB 2.2.0 was published on rubygems.org introduced an @init instance variable guard in ERB#result and ERB#run to...

8.1 CVSS | 6 AI score | 0.00048 EPSS
Exploits 0 | References 4
CNNVD
added 2026/05/09 12:0 a.m. | 7 views

Net::IMAP Security Vulnerability

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of ResponseReader, which had a quadratic time complexity when...

7.5 CVSS | 5.8 AI score | 0.00086 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/09 12:0 a.m. | 5 views

Net::IMAP Security Vulnerability

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. There were security vulnerabilities in versions of Net::IMAP between 0.4.0 and 0.4.24, 0.5.0 and 0.5.14, and 0.6.0 and 0.6.4. These vulnerabilities stemmed from the use of SCRAM-SHA1 or SCRAM-SHA25...

6.5 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 1
EUVD
added 2026/05/08 9:26 p.m. | 7 views

EUVD-2026-28836

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

8.8 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits 0 | References 2
CVE
added 2026/05/08 9:26 p.m. | 5 views

CVE-2026-42205

CVE-2026-42205 (Avo) affects the Avo framework for Ruby on Rails. The issue resides in the ActionsController’s insecure action lookup, which can ignore resource context and let an authenticated user execute any action class (descendants of Avo::BaseAction) on any resource. This creates privilege ...

8.8 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits 0 | References 2
NVD
added 2026/05/08 2:16 p.m. | 7 views

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5 CVSS | 0.00091 EPSS
Exploits 0 | References 2
OSV
added 2026/05/08 2:16 p.m. | 3 views

UBUNTU-CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits 0 | References 4
UbuntuCve
added 2026/05/08 2:16 p.m. | 4 views

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits 0 | References 3
Wolfi
added 2026/05/08 1:48 p.m. | 8 views

GHSA-V2FC-QM4H-8HQV vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby4.0-rails, ruby3.2-rails, kube-logging-operator, ruby3.3-rails...

5.4 AI score
Exploits 0
Chainguard
added 2026/05/08 1:17 p.m. | 6 views

GHSA-C4RQ-3M3G-8WGX vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, pact-broker-docker, kube-logging-operator, pact-broker-docker-fips, ruby3.4-rails, ruby4.0-rails, ruby3.2-rails...

5.4 AI score
Exploits 0
Chainguard
added 2026/05/08 1:17 p.m. | 7 views

GHSA-V2FC-QM4H-8HQV vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, pact-broker-docker, kube-logging-operator, pact-broker-docker-fips, ruby3.4-rails, ruby4.0-rails, ruby3.2-rails...

5.4 AI score
Exploits 0
Vulnrichment
added 2026/05/08 1:13 p.m. | 6 views

CVE-2026-41493 yard: Possible arbitrary path traversal and file access via yard server

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

6.9 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits 0 | References 2
Debian CVE
added 2026/05/08 1:13 p.m. | 7 views

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits 0
EUVD
added 2026/05/08 1:13 p.m. | 9 views

EUVD-2026-28554

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

6.9 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/08 12:0 a.m. | 5 views

YARD Path Traversal Vulnerability

YARD is a Ruby documentation generation tool developed by Loren Segal. Versions of YARD prior to 0.9.42 contained a path traversal vulnerability. This vulnerability stemmed from the use of the yard server’s path traversal feature, which could allow uncleaned HTTP requests to access arbitrary file...

7.5 CVSS | 5.9 AI score | 0.00091 EPSS
Exploits 0 | References 1
CNNVD
added 2026/05/08 12:0 a.m. | 4 views

Avo Access Control Error Vulnerability

Avo is an open-source Ruby on Rails management panel framework developed by Avo itself. Versions of Avo prior to 3.31.2 contained a security vulnerability related to access control. This vulnerability stemmed from insecure operation search logic in the ActionsController, allowing authenticated...

8.8 CVSS | 5.7 AI score | 0.00044 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/05/08 12:0 a.m. | 5 views

Ruby net-imap < 0.3.10 / 0.4.x < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 vulnerability

The version of the net-imap Ruby library installed on the remote host is prior to 0.3.10, 0.4.x prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by a man-in-the-middle vulnerability. A flaw in the Net::IMAP#starttls function allows a man-in-the-middle...

7.6 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2026/05/08 12:0 a.m. | 5 views

Ruby net-imap 0.4.x < 0.4.24 / 0.5.x < 0.5.14 / 0.6.x < 0.6.4 vulnerability

The version of the net-imap Ruby library installed on the remote host is 0.4.x prior to 0.4.24, 0.5.x prior to 0.5.14, or 0.6.x prior to 0.6.4. It is, therefore, affected by a computational denial-of-service vulnerability. A denial of service vulnerability exists when authenticating a...

6.5 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 2
IBM Security Bulletins
added 2026/05/07 7:22 p.m. | 8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in addressable-2.5.2.gem

Summary: IBM Watson Discovery Cartridge affected by vulnerability in addressable-2.5.2.gem. Vulnerability Details: CVEID: CVE-2026-35611. DESCRIPTION: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the...

7.5 CVSS | 5.7 AI score | 0.00027 EPSS
Exploits 0 | Affected Software 1