MiracleLinux 7 : ruby-2.0.0.648-39.0.2.el7.AXS7 (AXSA:2025-9910:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9910:01 advisory. CVE-2025-27219: fix a potential Denial of Service DoS vulnerability in cookie parsing CVE-2025-27220: fix ReDoS vulnerability exists in the...

MiracleLinux 9 : ruby:3.3 (AXSA:2025-9954:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9954:01 advisory. net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 uri:...

MiracleLinux 7 : ruby-2.0.0.648-39.0.3.el7.AXS7 (AXSA:2025-10921:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10921:03 advisory. CVE-2017-9226: fix a heap out-of-bounds write or read occurs in nextstateval during regular expression compilation. CVE-2016-2338: fix heap overflo...

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions 5.0.0 through 6.10.1, which stems from improper parsing of the text of an attacker-controlled parameter in Stringconverttovalue in the JSON-RPC API, which could lead to an unauthenticated...

MiracleLinux 7 : ruby-2.0.0.648-39.0.4.el7.AXS7 (AXSA:2025-10964:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10964:04 advisory. CVE-2016-2337: Fix type confusion in canceleval Ruby's TclTkIp class method to prevent arbitrary code execution CVE-2017-9224: Fix stack...

MiracleLinux 9 : ruby-3.0.7-165.el9_5 (AXSA:2025-9915:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9915:02 advisory. CGI: ReDoS in CGI::UtilescapeElement CVE-2025-27220 CGI: Denial of Service in CGI::Cookie.parse CVE-2025-27219 Tenable has extracted the preceding...

CLSA-2026-1768209702 ruby: Fix of CVE-2025-24294

CVE-2025-24294: fix decompressed name length limit in DNS resolver to prevent exceeding RFC 1035's 255-octet maximum...

Exploit for Improper Access Control in Rubyonrails Web_Console

CVE-2015-3...

CVE-2021-33473

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verifyurl option is disabled. This vulnerability is exploited via a crafted URL...

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVE-2019-18848

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...

CVE-2019-18409

The rubyparser-legacy aka legacy gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files. For example, if the brakeman gem which has a legacy dependency 4.5.0 through 4.7.0 is used, a local user can insert malicious code into the...

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safeload. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. ...

CVE-2024-41961

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

CVE-2026-22588

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying ...

CVE-2026-22588 Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying ...

GHSA-J4PR-3WM6-XX2R vulnerabilities

Vulnerabilities for packages: logstash, ruby...

CVE-2025-61594 vulnerabilities

Vulnerabilities for packages: logstash, ruby...

GHSA-J4PR-3WM6-XX2R vulnerabilities

Vulnerabilities for packages: ruby, truffleruby, logstash...