CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

397 matches found

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

6.1CVSS6.5AI score0.15453EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в rails

The Actionpack Ruby gem versions prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, and 5.2.6 have a possible denial-of-service vulnerability in the Token Authentication logic of the Action Controller, due to overly permissive regular expressions. Affected code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.8AI score0.03338EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в rails

Action Pack is a framework for handling and responding to web requests. Under certain circumstances, response bodies may not be closed properly. If a response does not notify the system of a close operation, ActionDispatch::Executor will not know to reset the thread local state for the next...

7.4CVSS6.3AI score0.00187EPSS

Exploits0References1

Tenable Nessus•added 2026/05/04 12:0 a.m.•6 views

RHCOS 6 : Ruby on Rails (RHSA-2013:0153)

The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0153 advisory. - rubygem-activesupport: Multiple vulnerabilities in parameter parsing in ActionPack CVE-2013-0156 Note that Nessus has not tested for this...

7.5CVSS7.5AI score0.91907EPSS

Exploits21References6

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в rails

An XSS Vulnerability in Action Pack = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses...

6.1CVSS6.2AI score0.00495EPSS

Exploits0References1

Tenable Nessus•added 2026/03/28 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

5.3CVSS6AI score0.00022EPSS

Exploits0References2

SUSE CVE•added 2026/03/25 12:24 a.m.•3 views

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00022EPSS

Exploits0References3

RedhatCVE•added 2026/03/24 11:17 a.m.•1 views

CVE-2026-33167

A flaw was found in Action Pack, a component of the Rails framework. A remote attacker could exploit this vulnerability by crafting a malicious exception message. When this message is displayed on the debug exceptions page, the improper escaping of the message allows for the injection of arbitrar...

5.4CVSS6AI score0.00022EPSS

Exploits0References6

NVD•added 2026/03/23 11:17 p.m.•0 views

CVE-2026-33167

5.3CVSS0.00022EPSS

Exploits0References3

OSV•added 2026/03/23 11:17 p.m.•2 views

UBUNTU-CVE-2026-33167

5.3CVSS5.9AI score0.00022EPSS

Exploits0References5

UbuntuCve•added 2026/03/23 11:17 p.m.•1 views

CVE-2026-33167

5.3CVSS6AI score0.00022EPSS

Exploits0References4

ATTACKERKB•added 2026/03/23 10:58 p.m.•2 views

CVE-2026-33167

5.3CVSS5.9AI score0.00022EPSS

Exploits0References4Affected Software1

OSV•added 2026/03/23 10:58 p.m.•2 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

5.3CVSS6AI score0.00022EPSS

Exploits0References5

Cvelist•added 2026/03/23 10:58 p.m.•20 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

5.3CVSS0.00022EPSS

Exploits0References3

CVE•added 2026/03/23 10:58 p.m.•7 views

CVE-2026-33167

CVE-2026-33167 is related to a Rails XSS in Action Pack debug exceptions. Affected component: Rails Action Pack debug exceptions page when detailed exception pages are enabled (config.consider_all_requests_local = true). Root cause: exception messages are not properly escaped, allowing injection ...

5.3CVSS5.9AI score0.00022EPSS

Exploits0References3

Debian CVE•added 2026/03/23 10:58 p.m.•2 views

CVE-2026-33167

5.3CVSS5.5AI score0.00022EPSS

Exploits0

Vulnrichment•added 2026/03/23 10:58 p.m.•0 views

CVE-2026-33167 Rails has a possible XSS vulnerability in its Action Pack debug exceptions

5.3CVSS5.9AI score0.00022EPSS

Exploits0References3

Github Security Blog•added 2026/03/23 8:45 p.m.•4 views

Rails has a possible XSS vulnerability in its Action Pack debug exceptions

Impact The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled config.considerallrequestslocal = true, whi...

5.3CVSS5.4AI score0.00022EPSS

Exploits0References6Affected Software1