28 matches found
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails Action Pack before 6.1.2.1 and 6.0.3.5 contains an open redirect caused by specially crafted Host headers in combination with certain allowed-host formats, letting attackers redirect users to malicious websites; exploitation requires the attacker to control the Host header. id: CVE-2021-22881 info: name: Ru...
EUVD-2021-0957
Malware in sbrugna...
CVE-2025-22881
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current...
CVE-2025-22881 Heap-based Buffer Overflow in CNCSoft-G2
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current...
Zoom Client for Meetings < 5.13.5 Vulnerability (ZSB-23002)
The version of Zoom Client for Meetings installed on the remote host is prior to 5.13.5. It is, therefore, affected by a vulnerability as referenced in the ZSB-23002 advisory. - Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted...
Zoom Client < 5.13.5 Multiple Vulnerabilities (ZSB-23002, ZSB-23005) - Windows
The Zoom Client is prone to multiple vulnerabilities. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Zoom Client < 5.13.5 Multiple Vulnerabilities (ZSB-23002, ZSB-23005) - Linux
The Zoom Client is prone to multiple vulnerabilities. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Zoom Client < 5.13.5 Multiple Vulnerabilities (ZSB-23002, ZSB-23005) - Mac OS X
The Zoom Client is prone to multiple vulnerabilities. Copyright (C) 2023 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2023-22881
| creationtimestamp | type | source |
|---|---|---|
| 2023-03-16 23:31:11+00:00 | seen | https://t.me/cibsecurity/60209 |
| 2025-02-26 20:24:49+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5595... |
CVE-2023-22881
The CVE-2023-22881 issue affects Zoom Client for Meetings prior to version 5.13.5, where a STUN parsing vulnerability could allow a remote attacker to crash the client via specially crafted UDP traffic, leading to a denial of service. The available connected sources corroborate that Zoom has fixe...
CVE-2022-22881
| creationtimestamp | type | source |
|---|---|---|
| 2022-02-17 00:39:30+00:00 | seen | https://t.me/cibsecurity/37631... |
CVE-2022-22881
Jeecg-boot v3.0 is reported to contain a SQL injection vulnerability in the code parameter of /sys/user/queryUserComponentData. The CVE-2022-22881 entry documents a high-severity issue (CVSS v3.1 base score 9.8; Attack Vector: Network, Privileges Required: None, User Interaction: None) with potential impact on conf...
actionpack Open Redirect in Host Authorization Middleware
Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. For example, configuration files...
Possible Open Redirect in Host Authorization Middleware
There is a possible open redirect vulnerability in the Host Authorization middleware in Action Pack. Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website...
Internet Bug Bounty: The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values
Title: The Host Authorization middleware in Action Pack is vulnerable to crafted X-Forwarded-Host values Scope: https://github.com/rails/rails Weakness: Open Redirect Severity: Medium Link: https://hackerone.com/reports/1189310 Date: 2021-05-09 06:29:19 +0000 By: @mshtawy CVE IDs: CVE-2021-22942,...
Open redirect
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...
CVE-2021-22903
The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to...
Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack. Versions Affected: >= v6.1.0.rc2 Not affected: < v6.1.0.rc2 Fixed Versions: 6.1.3.2 Impact ------ This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host...
Fedora: Security Advisory for rubygem-activerecord (FEDORA-2021-b571fca1b8)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...