CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в jruby

A vulnerability was discovered in Ruby versions 2.5.8, 2.6.x up to 2.6.6, and 2.7.x up to 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, did not rigorously check the transfer-encoding header value. An attacker could potentially exploit this vulnerability to bypass a reverse proxy which...

7.5CVSS6.7AI score0.00275EPSS

5.3CVSS6.5AI score0.08428EPSS

Astra Linux - уязвимость в ruby2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.2.6 has a denial-of-service vulnerability when it parses an XML document with many tags in an attribute value. Users who need to parse untrusted XML documents may be affected by this vulnerability. The REXML gem version 3.2.7 or lat...

Exploits1References2

7.4CVSS6.6AI score0.00074EPSS

Astra Linux - уязвимость в ruby2.5, jruby

A issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. The Net::IMAP library does not raise an exception when the StartTLS command fails with an unknown response. This may allow man-in-the-middle attackers to bypass TLS protections by leveraging the network...

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в ruby2.5

URI is a module that provides classes for handling Uniform Resource Identifiers. In versions 0.12.4 and earlier bundled with Ruby 3.2 series, 0.13.2 and earlier bundled with Ruby 3.3 series, 1.0.3 and earlier bundled with Ruby 3.4 series, when using the + operator to combine URIs, sensitive...

7.5CVSS5.7AI score0.00009EPSS

7.5CVSS6.6AI score0.00239EPSS

Astra Linux - уязвимость в ruby2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.2 had some DoS vulnerabilities when parsing XML that contained many special characters, such as whitespace characters, , , and . The REXML gem versions 3.3.3 or later include patches to fix these vulnerabilities...

5.3CVSS6.8AI score0.00337EPSS

Astra Linux - уязвимость в jruby

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby, up to 3.2.1. The URI parser improperly handles invalid URLs that contain specific characters. This leads to an increase in the execution time required to parse strings into URI objects. The fixed versions are 0.12.1, 0.11.1...

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в jruby

In versions of Ruby from 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4, code injection is possible if the first argument also known as the “command” argument passed to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this vulnerability to call arbitrary Ruby methods...

8.1CVSS6.9AI score0.01157EPSS

Exploits1References1

7.5CVSS6.5AI score0.00046EPSS

Astra Linux - уязвимость в ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0; versions before 2.19.1 use recursion to sanitize CDATA sections. This can lead to stack exhaustion and raise a SystemStackError exception, potentially causing ...

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в yajl

In the yajl-ruby gem version 1.3.0 for Ruby, when a properly crafted JSON file is provided to Yajl::Parser.new.parse, the entire Ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This causes the entire Ruby process to terminate, potentially leading to a denial ...

7.5CVSS7.1AI score0.01684EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в jruby

Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...

5.3CVSS6.8AI score0.01152EPSS

Exploits0References1

Tenable Nessus•added 2026/05/20 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5.14, and 0.6.0...

6.5CVSS5.8AI score0.00046EPSS

Exploits0References4

RubySec•added 2026/05/20 12:0 a.m.•4 views

CVE-2026-46727 - Use-after-free in pthread-based getaddrinfo timeout handler

SUMMARY A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that calls Addrinfo.getaddrinfo..., timeout: o...

8.1CVSS5.7AI score0.00161EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/20 12:0 a.m.•5 views

PT-2026-42121

Name of the Vulnerable Software and Affected Versions Ruby versions 4.0.0 through 4.0.4 Description Security issues were identified in the Ruby language implementation that require remediation to ensure system security. Recommendations Update Ruby to version 4.0.5...

8.1CVSS5.8AI score0.00161EPSS

Exploits0References12

Tenable Nessus•added 2026/05/20 12:0 a.m.•5 views

Oracle Linux 9 : ruby (ELSA-2026-18039)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18039 advisory. 3.0.7-166 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171254 Tenable has extracted the preceding descriptio...

8.1CVSS6.4AI score0.00048EPSS

Tenable Nessus•added 2026/05/20 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-42258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to comman...

9.8CVSS5.8AI score0.00092EPSS

Exploits0References3

OSV•added 2026/05/19 12:7 p.m.•3 views

RLSA-2026:18065 Important: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

Rockylinux•added 2026/05/19 12:7 p.m.•7 views

ruby security update

An update is available for ruby. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...

OSV•added 2026/05/19 12:4 p.m.•9 views

Exploits0

RLSA-2026:18039 Important: ruby security update

Rockylinux•added 2026/05/19 12:4 p.m.•5 views

ruby security update

An update is available for ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an extensible, interpreted, object-oriented, scripting language. It has...