Lucene search
+L

60 matches found

NVD
NVD
added yesterday7 views

CVE-2026-49209

Symfony UX is a JavaScript ecosystem for Symfony. From 2.5.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry; because the array size is never bounded, ...

5.3CVSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/19 7:34 p.m.11 views

symfony/ux-live-component: Denial of service via unbounded batch action requests

Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...

5.3CVSS5.8AI score
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/06 7:48 p.m.4 views

CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

5.3CVSS7.2AI score0.00284EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1009

Malware in sbrugna...

7.5CVSS6.2AI score0.04808EPSS
Exploits1References17
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2024-0589

Malicious code in bioql PyPI...

6.1CVSS5.3AI score0.01034EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-22904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in...

7.5CVSS6.7AI score0.04808EPSS
Exploits1References2
OSV
OSV
added 2024/12/20 9:50 a.m.19 views

BIT-RAILS-2024-26143 Rails Possible XSS Vulnerability in Action Controller

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...

6.1CVSS4.9AI score0.01034EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2024/11/14 12:0 a.m.8 views

The vulnerability of the Action Controller component of the Action Pack interpreter for Ruby allows a attacker to trigger a service failure.

The vulnerability of the Action Controller component of the Action Pack interpreter in Ruby is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow an attacker to cause service failures remotely...

3.7CVSS5.7AI score0.01048EPSS
Exploits0References10Affected Software6
OSV
OSV
added 2024/11/01 3:31 p.m.15 views

SUSE-SU-2024:3877-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller bsc1231729. - CVE-2024-42228: Fixed uninitialized value size when calling amdgpuvcecsreloc bsc1228667...

8.7CVSS6.5AI score0.01048EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/16 8:2 p.m.15 views

CVE-2024-47887 Action Controller has possible ReDoS vulnerability in HTTP Token authentication

Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For applications using HTTP Token authenticatio...

8.7CVSS7.1AI score0.01048EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/10/15 11:35 p.m.19 views

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...

8.7CVSS7.5AI score0.01048EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/10/15 11:35 p.m.22 views

GHSA-VFG9-R3FQ-JVX4 Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact ------ For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted...

8.7CVSS5.5AI score0.01048EPSS
Exploits0References3
RubySec
RubySec
added 2024/10/15 12:0 a.m.28 views

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller

There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887. Impact For applications using HTTP Token authentication via authenticateorrequestwithhttptoken or similar, a carefully crafted header m...

8.7CVSS7.2AI score0.01048EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2024/05/26 9:45 a.m.12 views

Internet Bug Bounty: Possible XSS Vulnerability in Action Controller

There was a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. The vulnerability was assigned the CVE identifier CVE-2024-26143. Affected versions were 7.0.0 and above. The issue was fixed in versions 7.1.3.1 and 7.0.8.1...

6.1CVSS5.8AI score0.01034EPSS
Exploits1
OSV
OSV
added 2024/02/27 9:41 p.m.23 views

GHSA-9822-6M93-XQF4 Rails has possible XSS Vulnerability in Action Controller

Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...

6.1CVSS5.2AI score0.01034EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2024/02/27 9:41 p.m.50 views

Rails has possible XSS Vulnerability in Action Controller

Possible XSS Vulnerability in Action Controller There is a possible XSS vulnerability when using the translation helpers translate, t, etc in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2024-26143. Versions Affected: = 7.0.0. Not affected: 7.0.0 Fixed Versions:...

6.1CVSS6.2AI score0.01034EPSS
Exploits1References8Affected Software2
NVD
NVD
added 2024/02/27 4:15 p.m.19 views

CVE-2024-26143

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...

6.1CVSS5.9AI score0.01034EPSS
Exploits1References6
Prion
Prion
added 2024/02/27 4:15 p.m.29 views

Design/Logic Flaw

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...

5.8CVSS6.1AI score0.01034EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2024/02/27 4:15 p.m.35 views

CVE-2024-26143

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...

6.1CVSS6.3AI score0.01034EPSS
Exploits1References8
CVE
CVE
added 2024/02/27 3:33 p.m.203 views

CVE-2024-26143

CVE-2024-26143 concerns Rails’ Action Controller translation helpers. Affected code paths involve using translate/t with a key ending in “_html” and a :default value containing untrusted input, where the resulting string is rendered in a view, creating an XSS risk. The issue is fixed in Rails ver...

6.1CVSS6AI score0.01034EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder