Lucene search
+L

4384 matches found

ibm
ibm
added 2026/05/14 3:43 p.m.13 views

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.2 Vulnerability Details CVEID:CVE-2026-33168 DESCRIPTION: Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a...

8.7CVSS6.2AI score0.0061EPSS
Exploits0Affected Software5
snyk
snyk
added 2026/05/14 2:22 p.m.11 views

Malicious Package

Overview knot-rails-assets-pipeline is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

9.8CVSS5.8AI score
Exploits0References2
osv
osv
added 2026/05/13 3:9 a.m.5 views

MAL-2026-3634 Malicious code in knot-rails-assets-pipeline (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score
Exploits0References1
ossf
ossf
added 2026/05/13 3:9 a.m.18 views

Malicious code in knot-rails-assets-pipeline (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score
Exploits0References1
redhatcve
redhatcve
added 2026/05/12 8:21 p.m.12 views

CVE-2026-42205

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References1
debian
debian
added 2026/05/11 2:17 p.m.14 views

[SECURITY] [DLA 4578-1] rails security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler May 11, 2026 https://wiki.debian.org/LTS -...

9.8CVSS6.5AI score0.02386EPSS
Exploits1
nessus
nessus
added 2026/05/11 12:0 a.m.13 views

Debian dla-4578 : rails - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4578 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4578-1 [email protected] https://www.debian.org/lts/security/...

9.8CVSS5.9AI score0.02386EPSS
Exploits1References4
cgr
cgr
added 2026/05/10 7:17 a.m.24 views

CVE-2026-43870 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

7.3CVSS6.1AI score0.00394EPSS
Exploits0
cgr
cgr
added 2026/05/10 7:17 a.m.10 views

GHSA-526F-JXPJ-JMG2 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

6.1AI score
Exploits0
cgr
cgr
added 2026/05/10 1:17 a.m.10 views

GHSA-HG3H-G7XC-F7VP vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

6.1AI score
Exploits0
cgr
cgr
added 2026/05/10 1:17 a.m.15 views

CVE-2026-44836 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

6.5CVSS6.1AI score0.00343EPSS
Exploits0
cgr
cgr
added 2026/05/10 1:17 a.m.14 views

CVE-2026-44837 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

7.5CVSS6.1AI score0.00412EPSS
Exploits1
cgr
cgr
added 2026/05/10 1:17 a.m.12 views

GHSA-7F3R-GWC9-2995 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

6.1AI score
Exploits0
cgr
cgr
added 2026/05/09 1:17 p.m.16 views

CVE-2026-40295 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

6.1CVSS6.1AI score0.00241EPSS
Exploits0
cgr
cgr
added 2026/05/09 1:17 p.m.15 views

GHSA-JP94-3292-C3XV vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

6.1AI score
Exploits0
github
github
added 2026/05/08 11:33 p.m.23 views

view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

Summary The system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. Severity: Medium; test-rou...

7.5CVSS5.8AI score0.00412EPSS
Exploits1References4Affected Software1
github
github
added 2026/05/08 11:33 p.m.11 views

view_component: Preview Route Can Dispatch Inherited Helper Methods

Summary The preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are...

6.5CVSS5.9AI score0.00343EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/05/08 9:26 p.m.20 views

CVE-2026-42205

CVE-2026-42205 (Avo) affects the Avo framework for Ruby on Rails. The issue resides in the ActionsController’s insecure action lookup, which can ignore resource context and let an authenticated user execute any action class (descendants of Avo::BaseAction) on any resource. This creates privilege ...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References2
euvd
euvd
added 2026/05/08 9:26 p.m.11 views

EUVD-2026-28836

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References2
osv
osv
added 2026/05/08 9:26 p.m.4 views

CVE-2026-42205 Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

8.8CVSS5.9AI score0.00295EPSS
Exploits0References4
Rows per page
Query Builder