Lucene search
K

54 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limitin...

7.5CVSS6.6AI score0.01612EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2026-34831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsi...

6.5CVSS6.5AI score0.00147EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.9 views

SUSE CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.10 views

SUSE CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/02 6:44 p.m.4 views

EUVD-2026-18382

Rack::Static prefix matching can expose unintended files under the static root...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 6:20 p.m.5 views

Permissive Regular Expression

Overview rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a singl...

6.9CVSS5.9AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/04/02 5:16 p.m.7 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS0.00369EPSS
Exploits0References4
NVD
NVD
added 2026/04/02 5:16 p.m.5 views

CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

7.5CVSS0.0038EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 5:16 p.m.4 views

DEBIAN-CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.2AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 5:16 p.m.7 views

CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/04/02 5:16 p.m.5 views

CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS0.00387EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.4 views

CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.6 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.2 views

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.3 views

CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

7.5CVSS5.7AI score0.0043EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.4 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.9AI score0.00195EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.8 views

CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.3 views

CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 5:16 p.m.5 views

UBUNTU-CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/02 4:47 p.m.3 views

CVE-2026-34830

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...

7.5CVSS5.3AI score0.00209EPSS
Exploits0
Rows per page
Query Builder