Lucene search
K

4378 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-44837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...

7.5CVSS5.5AI score0.00412EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00412EPSS
Exploits1References1
NVD
NVD
added 2026/05/26 9:16 p.m.14 views

CVE-2026-44836

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS0.00343EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 9:16 p.m.5 views

DEBIAN-CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00412EPSS
Exploits1References1
OSV
OSV
added 2026/05/26 9:16 p.m.5 views

DEBIAN-CVE-2026-44836

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS5.9AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 7:43 p.m.17 views

EUVD-2026-31972

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS5.9AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 7:40 p.m.14 views

EUVD-2026-31971

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:40 p.m.13 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/26 7:40 p.m.28 views

CVE-2026-44837

ViewComponent CVE-2026-44837 affects Rails ViewComponent from 3.0.0 to 4.9.0. Root cause: system test entrypoint uses File.realpath and starts_with to check the path, which is not a safe containment check and allows potential sibling-directory escapes. Impact: could permit access to files outside...

7.5CVSS5.8AI score0.00412EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

view_component 安全漏洞

viewcomponent is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the viewcomponent version 3.0.0 to 4.9.0. These vulnerabilities stem from the fact that the preview routing does not verify...

6.5CVSS5.8AI score0.00343EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/05/25 12:0 a.m.4 views

The vulnerability of the activesupport component in the Ruby on Rails software framework allows a hacker to trigger a service failure.

The vulnerability of the activesupport component in the Ruby on Rails software framework is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS6.3AI score0.0061EPSS
Exploits0References12Affected Software4
NVD
NVD
added 2026/05/22 8:16 p.m.8 views

CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 7:10 p.m.8 views

EUVD-2026-31488

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 7:10 p.m.37 views

CVE-2026-40295

CVE-2026-40295 affects Devise (Rails/Warden) where FailureApp#redirect_url returns request.referrer for non-GET timeouts, enabling open redirects to attacker-controlled URLs. This occurs in Devise 5.0.3 and earlier and can cause phishing or malware delivery by redirecting expired-session users to...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/22 7:10 p.m.7 views

CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00241EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-rails (UTSA-2026-016651)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016651 advisory. A deserialization of untrusted data vulnernerability exists in rails 5.2.4.3, rails 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in...

9.8CVSS5.8AI score0.45732EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-rails (UTSA-2026-016644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016644 advisory. A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length o...

7.5CVSS5.8AI score0.03065EPSS
Exploits1References4
Chainguard
Chainguard
added 2026/05/20 7:17 p.m.7 views

GHSA-M7CR-M3PV-HGRP vulnerabilities

Vulnerabilities for packages: steampipe, gitea-fips, cloudbeat, kubevela, wolfictl, crossplane, grype-fips, witness, redpanda-console, src-fingerprint-fips, trivy-operator, trivy-operator-fips, external-secrets-operator-fips, jfrog-cli, gitlab-rails-ce, google-osconfig-agent, gptscript, gorelease...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 7:17 p.m.9 views

GHSA-CRHJ-59GH-8X96 vulnerabilities

Vulnerabilities for packages: steampipe, gitea-fips, cloudbeat, kubevela, wolfictl, crossplane, grype-fips, witness, redpanda-console, src-fingerprint-fips, trivy-operator, trivy-operator-fips, external-secrets-operator-fips, jfrog-cli, gitlab-rails-ce, google-osconfig-agent, gptscript, gorelease...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/05/20 7:17 p.m.15 views

CVE-2026-45571 vulnerabilities

Vulnerabilities for packages: steampipe, gitea-fips, cloudbeat, kubevela, wolfictl, crossplane, grype-fips, witness, redpanda-console, src-fingerprint-fips, trivy-operator, trivy-operator-fips, external-secrets-operator-fips, jfrog-cli, gitlab-rails-ce, google-osconfig-agent, gptscript, gorelease...

5.4CVSS5.9AI score0.00297EPSS
Exploits0
Rows per page
Query Builder