Lucene search

21307 matches found

OSV
added 2025/03/10 10:19 p.m. · 13 views

GHSA-7WQH-767X-R66V Local File Inclusion in Rack::Static

Summary Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...

7.5 CVSS · 7.7 AI score · 0.01068 EPSS
Exploits: 0 · References: 6

Cvelist
added 2025/03/10 10:19 p.m. · 24 views

CVE-2025-27610 Local File Inclusion in Rack::Static

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

7.5 CVSS · 0.01068 EPSS
Exploits: 0 · References: 2

Debian CVE
added 2025/03/10 10:19 p.m. · 18 views

CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

7.5 CVSS · 7.2 AI score · 0.01068 EPSS
Exploits: 0

Vulnrichment
added 2025/03/10 10:19 p.m. · 18 views

CVE-2025-27610 Local File Inclusion in Rack::Static

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

7.5 CVSS · 7.6 AI score · 0.01068 EPSS
Exploits: 0 · References: 2

CVE
added 2025/03/10 10:19 p.m. · 321 views

CVE-2025-27610

Rack::Static in Rack (Ruby) is vulnerable to Local File Inclusion due to improper sanitization of user-supplied paths, allowing access to files under the configured root. The affected versions are prior to 2.2.13, 3.0.14, and 3.1.12, which contain the patch. The vulnerability enables traversal vi...

7.5 CVSS · 7.2 AI score · 0.01068 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2025/03/10 10:19 p.m. · 13 views

CVE-2025-27610 Local File Inclusion in Rack::Static

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

7.5 CVSS · 7.2 AI score · 0.01068 EPSS
Exploits: 0 · References: 5

IBM Security Bulletins
added 2025/03/10 6:07 p.m. · 13 views

Security Bulletin: JSch could allow a remote attacker to traverse directories on the system which affects watsonx.data

Summary JSch could allow a remote attacker to traverse directories on the system, which may impact watsonx.data. Vulnerability Details CVEID:CVE-2016-5725 DESCRIPTION: JSch could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request ...

5.9 CVSS · 5.7 AI score · 0.24143 EPSS
Exploits: 3 · Affected Software: 1

IBM Security Bulletins
added 2025/03/10 5:42 p.m. · 16 views

Security Bulletin: Vulnerability with DataStage on Cloud Pak for Data related to urllib3

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to the vulnerability found. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2019-11236 DESCRIPTION: Python urllib3 is vulnerable to CRLF injection,...

6.1 CVSS · 6.9 AI score · 0.02056 EPSS
Exploits: 1 · Affected Software: 1

Wordfence Blog
added 2025/03/10 4:08 p.m. · 14 views

WordPress Security Research Series: WordPress Security Architecture

Welcome to Part 2 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect as well as Part 1, which covers WordPress Request Architecture and Hooks. In WordPress...

7.7 AI score
Exploits: 0

Veracode
added 2025/03/10 12:18 p.m. · 7 views

Log Injection

Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...

7.5 CVSS · 7.4 AI score · 0.00699 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

OSV
added 2025/03/10 8:13 a.m. · 8 views

BIT-DJANGO-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

7.5 CVSS · 6.9 AI score · 0.01398 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2025/03/10 12:00 a.m. · 3 views

PT-2025-10642 · Rack +5

Name of the Vulnerable Software and Affected Versions: Rack versions prior to 2.2.13, 3.0.14, and 3.1.12 Description: The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly...

7.8 CVSS · 7.8 AI score · 0.01095 EPSS
Exploits: 1 · References: 79

RubySec
added 2025/03/10 12:00 a.m. · 18 views

Local File Inclusion in Rack::Static

Summary Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. Details The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically,...

7.5 CVSS · 6.8 AI score · 0.01068 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/03/09 4:40 p.m. · 14 views

CVE-2024-50405

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

5.5 CVSS · 6.9 AI score · 0.0038 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/03/09 4:25 p.m. · 15 views

CVE-2024-53693

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...

7.1 CVSS · 6.9 AI score · 0.00446 EPSS
Exploits: 0 · References: 1

NVD
added 2025/03/07 5:15 p.m. · 9 views

CVE-2024-50405

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

5.5 CVSS · 0.0038 EPSS
Exploits: 0 · References: 1

OSV
added 2025/03/07 5:15 p.m. · 3 views

CVE-2024-53693

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...

7.1 CVSS · 5.8 AI score · 0.00446 EPSS
Exploits: 0 · References: 1

OSV
added 2025/03/07 5:15 p.m. · 3 views

CVE-2024-50405

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...

5.1 CVSS · 5.8 AI score · 0.0038 EPSS
Exploits: 0 · References: 1

NVD
added 2025/03/07 5:15 p.m. · 9 views

CVE-2024-53693

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...

7.1 CVSS · 0.00446 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/03/07 4:13 p.m. · 11 views

CVE-2024-53693 QTS, QuTS hero

An improper neutralization of CRLF sequences 'CRLF Injection' vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the...

7.1 CVSS · 0.00446 EPSS
Exploits: 0 · References: 1