58 matches found
CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
EUVD-2021-1009
Malware in sbrugna...
EUVD-2024-0589
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-22904
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in...
BIT-RAILS-2024-26143 Rails Possible XSS Vulnerability in Action Controller
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
The vulnerability of the Action Controller component of the Action Pack interpreter for Ruby allows a attacker to trigger a service failure.
The vulnerability of the Action Controller component of the Action Pack interpreter in Ruby is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
SUSE-SU-2024:3877-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed uninitialized value size when calling amdgpuvcecsreloc bsc1228667...
CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...
GHSA-VFG9-R3FQ-JVX4 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header m...
Internet Bug Bounty: Possible XSS Vulnerability in Action Controller
There was a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. The vulnerability was assigned the CVE identifier CVE-2024-26143. Affected versions were 7.0.0 and above. The issue was fixed in versions 7.1.3.1 and 7.0.8.1...
Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...
GHSA-9822-6M93-XQF4 Rails has possible XSS Vulnerability in Action Controller
Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...
CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
Design/Logic Flaw
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143 Rails Possible XSS Vulnerability in Action Controller
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143 Rails Possible XSS Vulnerability in Action Controller
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...
CVE-2024-26143
CVE-2024-26143 concerns Rails’ Action Controller translation helpers. Affected code paths involve using translate/t with a key ending in “_html” and a :default value containing untrusted input, where the resulting string is rendered in a view, creating an XSS risk. The issue is fixed in Rails ver...