Lucene search
K

4378 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Rails

There is a potential escalation to an RCE vulnerability when using YAML serialized columns in Active Record versions 7.0.3.1, 6.1.6.1, 6.0.5.1, and 5.2.8.1. This could allow an attacker, who can manipulate data in the database through methods like SQL injection, to escalate the attack to an RCE...

9.8CVSS6.7AI score0.02386EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, certain configurations of Rails::Html::Sanitizer could potentially introduce XSS vulnerabilities. An attacker could inject content if the application developer overrides the sanitizer’...

7.2CVSS6.3AI score0.00988EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Rails

Action Pack is a framework for handling and responding to web requests. Under certain circumstances, response bodies may not be closed properly. If a response does not notify the system of a close operation, ActionDispatch::Executor will not know to reset the thread local state for the next...

7.4CVSS6.3AI score0.02207EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Rails

A potential information disclosure/vulnerability in Action Pack = 2.0.0, where using the redirectto or polymorphicurl helper with untrusted user input may lead to unintended method executions...

7.5CVSS6.4AI score0.04195EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Rails

An XSS vulnerability exists in Action Pack versions = 5.2.0 and 5.2.0, which could allow an attacker to bypass the Content Security Policy and generate non-HTML responses...

6.1CVSS5.7AI score0.01594EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Rails

An XSS vulnerability exists in the Action View tag helpers versions 5.2.0 and below, which would allow an attacker to inject content if they can control the input into specific attributes...

6.1CVSS6.1AI score0.01485EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions starting from 1.0.3 and before 1.4.4 are vulnerable to cross-site scripting through data URIs when used in conjunction with Loofah version 2.1.0 or higher. This issue has been fixed in version 1.4.4...

6.1CVSS5.9AI score0.00867EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer 1.4.4 use a inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a...

7.5CVSS6.3AI score0.01454EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Ruby-Rack

A denial-of-service vulnerability in the multipart parsing component of Rack was fixed in versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0.1. This vulnerability could allow attackers to craft input that causes the RFC2183 multipart boundary parsing in Rack to take an unexpectedly long time,...

7.5CVSS6.4AI score0.01617EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Possible XSS Vulnerability in Rails::Html::Sanitizer There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Vulnerabilities affected: ALL Not affected: NONEMeaning: Fixed versions: v1.4.3...

6.1CVSS6.5AI score0.2914EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Rails

The Actionpack Ruby gem versions prior to 6.1.3.2, 6.0.3.7, 5.2.4.6, and 5.2.6 have a possible denial-of-service vulnerability in the Token Authentication logic of the Action Controller, due to overly permissive regular expressions. Affected code uses authenticateorrequestwithhttptoken or...

7.5CVSS6.5AI score0.04808EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Puma

Puma is a Ruby/Rack web server designed for parallelism. Prior to version 5.6.2 of Puma, Puma might not always call close on the response body. Before version 7.0.2.2 of Rails, Rails relied on the response body being closed in order for its CurrentAttributes implementation to work correctly. The...

8CVSS6.3AI score0.02124EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/05/15 7:17 p.m.16 views

CVE-2026-44973 vulnerabilities

Vulnerabilities for packages: argo-cd-fips, nemo, chainloop-cli-fips, terragrunt-fips, syft, syft-fips, cerbos-fips, argo-cd, gitaly, packer-fips, seaweedfs-rocksdb-fips, rclone-fips, scorecard, telegraf, upwind-agent, gitlab-rails-ce-fips, skaffold-fips, amazon-ssm-agent, kyverno-fips, cerbos,...

8.1CVSS6.1AI score0.0031EPSS
Exploits0
Chainguard
Chainguard
added 2026/05/15 7:17 p.m.57 views

GHSA-QW64-3X98-G7Q2 vulnerabilities

Vulnerabilities for packages: argo-cd-fips, nemo, chainloop-cli-fips, terragrunt-fips, syft, syft-fips, cerbos-fips, argo-cd, gitaly, packer-fips, seaweedfs-rocksdb-fips, rclone-fips, scorecard, telegraf, upwind-agent, gitlab-rails-ce-fips, skaffold-fips, amazon-ssm-agent, kyverno-fips, cerbos,...

6.1AI score
Exploits0
NVD
NVD
added 2026/05/14 5:16 p.m.42 views

CVE-2026-44511

Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the...

7.4CVSS0.00197EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 3:43 p.m.13 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.2 Vulnerability Details CVEID:CVE-2026-33168 DESCRIPTION: Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a...

8.7CVSS6.2AI score0.0061EPSS
Exploits0Affected Software5
Snyk
Snyk
added 2026/05/14 2:22 p.m.11 views

Malicious Package

Overview knot-rails-assets-pipeline is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8CVSS5.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 3:9 a.m.16 views

Malicious code in knot-rails-assets-pipeline (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/13 3:9 a.m.4 views

MAL-2026-3634 Malicious code in knot-rails-assets-pipeline (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.10 views

CVE-2026-42205

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder