Lucene search
+L

55 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/02 4:46 p.m.3 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/02 4:46 p.m.3 views

CVE-2026-34829 Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS7AI score0.00369EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/04/02 4:46 p.m.6 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.3AI score0.00369EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/02 4:45 p.m.23 views

CVE-2026-34826 Rack: Unbounded Range Count in get_byte_ranges Enables DoS

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

5.3CVSS0.0038EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/02 4:44 p.m.20 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.3AI score0.00195EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:44 p.m.3 views

CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/02 4:44 p.m.17 views

CVE-2026-34785 Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS0.00387EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/02 4:44 p.m.3 views

CVE-2026-34785 Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.7AI score0.00387EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/02 4:42 p.m.9 views

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

3.7CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/02 4:41 p.m.4 views

CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

7.5CVSS5.1AI score0.0043EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29810

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If the root path contains regex metacharacters su...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References54
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29812

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Static uses a simple string prefix check to determine if a request should be served as a static file. When configured with URL prefixes like "/css", it matches any request path...

7.8CVSS5.9AI score0.00387EPSS
Exploits0References54
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29817

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack's Rack::Multipart::Parser does not limit the size of multipart uploads when a Content-Length header is not present, such as with HTTP chunked transfer encoding. Specifically, wh...

7.8CVSS5.9AI score0.0043EPSS
Exploits0References54
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Multipart::Parser, which handles multipart requests without a limit on the total size, potentially leading to...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.10 views

Rack 信息泄露漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6 contained an information leakage vulnerability. This vulnerability stemmed from Rack::Static’s use of simple string prefix checks to determine whether a request should be...

7.5CVSS5.8AI score0.00387EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.18 views

PT-2026-29808

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack’s Rack::Multipart::Parser uses a greedy regular expression to extract the boundary parameter from multipart/form-data. When a Content-Type header contains multiple boundary...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References54
CNNVD
CNNVD
added 2025/11/14 12:0 a.m.4 views

WordPress plugin School Management System – WPSchoolPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Schoo...

4.9CVSS7.7AI score0.00301EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/11/13 11:14 p.m.6 views

WordPress School Management System – WPSchoolPress plugin <= 2.2.23 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by dutafi in WordPress Plugin WPSchoolPress versions = 2.2.23...

4.9CVSS7.8AI score0.00301EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-28051

Malicious code in bioql PyPI...

8.1CVSS8.7AI score0.00649EPSS
Exploits0References1
NVD
NVD
added 2025/05/23 1:15 p.m.4 views

CVE-2025-46474

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in SEUR OFICIAL SEUR Oficial seur allows PHP Local File Inclusion.This issue affects SEUR Oficial: from n/a through = 2.2.23...

8.1CVSS0.00649EPSS
Exploits0References1
Rows per page
Query Builder