19 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2026-44837
creationtimestamp | type | source
---|---|---
2026-05-05 20:34:03+00:00 | published-proof-of-concept | https://github.com/ViewComponent/viewcomponent/security/advisories/GHSA-hg3h-g7xc-f7vp...
CVE-2021-44837
An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the idcat1 query parameter to indicate the risk...
CVE-2025-44837
TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44837
creationtimestamp | type | source
---|---|---
2025-05-01 19:01:21+00:00 | seen | https://t.me/cvedetector/24233...
CVE-2025-44837
TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44837
TOTOLINK CPE CP900 V6.3c.1144B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2025-44837
TOTOLINK CPE CP900 v6.3c.1144_B20190715 contains a command injection in CloudSrvUserdataVersionCheck. The vulnerability allows executing arbitrary commands via crafted requests using the url or magicid parameters. Affected component: CloudSrvUserdataVersionCheck function (Totolink CP900). Exploit...
CVE-2024-44837
creationtimestamp | type | source
---|---|---
2024-09-06 17:26:20+00:00 | seen | https://t.me/cvedetector/4971...
CVE-2023-44837
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2023-44837
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2023-44837
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...
CVE-2023-44837
CVE-2023-44837 affects D-Link DIR-823G (A1V1.0.2B05). The vulnerability is a buffer overflow in the SetWanSettings function, triggered via the Password parameter, allowing a crafted input to cause Denial of Service. The CVE’s metrics indicate NETWORK attack vector and HIGH impact to availability,...
CVE-2021-44837
creationtimestamp | type | source
---|---|---
2022-01-19 16:25:56+00:00 | seen | https://t.me/cibsecurity/35866...
CVE-2021-44837
An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the idcat1 query parameter to indicate the risk...
CVE-2021-44837
Delta RM 1.2 is affected by an authorization issue where an unprivileged user can access the same information as an administrator regarding risk creation via the endpoint /risque/administration/referentiel/json/create/categorie using the id_cat1 parameter. The root cause is insufficient access co...