
43 matches found

RedHat Linux
added 6 days ago, 6 views

php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

A flaw was found in PHP. When attacker input can influence the encoding passed to mb_regex_encoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...

CVSS 6.5, AI score 5.8, EPSS 0.00084
Exploits 0, References 5
ATTACKERKB
added 2026/04/17 5:16 p.m., 2 views

CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search without any timeout or complexity guard. A crafted regex pattern can trigger catastrophic backtracking,...

CVSS 1, AI score 5.8, EPSS 0.00008
Exploits 0, References 3, Affected Software 1
Oracle linux
added 2024/12/10 12:00 a.m., 21 views

ruby security update

3.0.7-163 - Fix REXML ReDoS vulnerability. CVE-2024-49761 Resolves: rbhz2322153 3.0.7-162 - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves:...

CVSS 6.6, AI score 7.5, EPSS 0.01645
Exploits 0
OSV
added 2024/06/14 1:59 p.m., 24 views

RLSA-2024:3546 Moderate: ruby:3.1 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Buffer overread vulnerability in StringIO CVE-2024-27280...

CVSS 9.8, AI score 7.1, EPSS 0.0883
Exploits 0, References 4
Tenable Nessus
added 2024/06/14 12:00 a.m., 31 views

Oracle Linux 8 : ruby:3.1 (ELSA-2024-3546)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3546 advisory. ruby 3.1.5-143 - Upgrade to Ruby 3.1.5. Resolves: RHEL-35748 - Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35749 - Fix RCE...

CVSS 9.8, AI score 7.5, EPSS 0.0883
Exploits 0, References 4
Tenable Nessus
added 2024/06/14 12:00 a.m., 26 views

Rocky Linux 9 : ruby:3.3 (RLSA-2024:3671)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...

CVSS 9.8, AI score 7, EPSS 0.0883
Exploits 0, References 7
OSV
added 2024/06/11 12:00 a.m., 25 views

ALSA-2024:3838 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...

CVSS 9.8, AI score 7.8, EPSS 0.0883
Exploits 1, References 14
Tenable Nessus
added 2024/06/11 12:00 a.m., 20 views

Oracle Linux 8 : ruby:3.3 (ELSA-2024-3670)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3670 advisory. - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281...

CVSS 9.8, AI score 7.3, EPSS 0.0883
Exploits 0, References 4
Tenable Nessus
added 2024/06/10 12:00 a.m., 28 views

AlmaLinux 8 : ruby:3.3 (ALSA-2024:3670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3670 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...

CVSS 9.8, AI score 7, EPSS 0.0883
Exploits 0, References 4
Tenable Nessus
added 2024/06/10 12:00 a.m., 22 views

AlmaLinux 9 : ruby:3.3 (ALSA-2024:3671)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:3671 advisory. ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: RCE vulnerability with .rdoc_options in RDoc CVE-2024-27281 ruby: Arbitrary memory...

CVSS 9.8, AI score 7, EPSS 0.0883
Exploits 0, References 4
Oracle linux
added 2024/06/07 12:00 a.m., 42 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37446 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37448 - Fix RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281 Resolves: RHEL-37449 - Fix Arbitrary memory address read vulnerability with Regex searc...

CVSS 9.8, AI score 7.5, EPSS 0.0883
Exploits 0
Oracle linux
added 2024/06/06 12:00 a.m., 31 views

ruby:3.3 security, bug fix, and enhancement update

ruby 3.3.1-2 - Upgrade to Ruby 3.3.1. Resolves: RHEL-37697 - Fix buffer overread vulnerability in StringIO. CVE-2024-27280 Resolves: RHEL-37699 - Fix RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281 Resolves: RHEL-37696 - Fix Arbitrary memory address read vulnerability with Regex searc...

CVSS 9.8, AI score 6.5, EPSS 0.0883
Exploits 0
RedHat Linux
added 2024/05/30 1:22 p.m., 58 views

Moderate: Red Hat Security Advisory: ruby:3.0 security update

An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 7, EPSS 0.0883
Exploits 1, References 7
OSV
added 2024/05/09 2:40 a.m., 10 views

MGASA-2024-0160 Updated ruby packages fix security vulnerabilities

Buffer overread vulnerability in StringIO. CVE-2024-27280 RCE vulnerability with .rdoc_options in RDoc. CVE-2024-27281 Arbitrary memory address read vulnerability with Regex search. CVE-2024-27282...

CVSS 9.8, AI score 5.8, EPSS 0.0883
Exploits 0, References 3
Debian CVE
added 2024/05/08 8:40 p.m., 21 views

CVE-2024-27282

An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1...

CVSS 6.6, AI score 7.8, EPSS 0.00697
Exploits 0
Tenable Nessus
added 2024/04/24 12:00 a.m., 24 views

FreeBSD : ruby -- Arbitrary memory address read vulnerability with Regex search (2ce1a2f1-0177-11ef-a45e-08002784c58d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2ce1a2f1-0177-11ef-a45e-08002784c58d advisory. - sp2ip reports: If attacker-supplied data is provided to the Ruby regex compiler, it is possible to...

CVSS 6.6, AI score 7.5, EPSS 0.00697
Exploits 0, References 3
Slackware Linux
added 2024/04/23 10:33 p.m., 40 views

[slackware-security] ruby

New ruby packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ruby-3.0.7-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Arbitrary memory address read vulnerability with Regex...

CVSS 9.8, AI score 6.5, EPSS 0.0883
Exploits 0
SUSE CVE
added 2023/02/15 6:00 a.m., 2 views

SUSE CVE-2010-0132

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-073...

CVSS 2.6, AI score 6.2, EPSS 0.00604
Exploits 0, References 4
SUSE CVE
added 2023/02/15 4:45 a.m., 2 views

SUSE CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at during regular expression searching. A logical error involving order of validation and access in match_at could result in an...

CVSS 4, AI score 7.1, EPSS 0.00624
Exploits 1, References 7
OSV
added 2021/04/06 5:22 p.m., 16 views

GHSA-RJ44-GPJC-29R7 [thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values

Impact: Potential for arbitrary code execution in gpg-tagged property values only if decrypt: true option is enabled. Patches: A fix has already been released as v0.4.0. Workarounds: By default, EGF parse functions do NOT attempt to decrypt values since GPG is only available in non-browser env. Howeve...

CVSS 6.4, AI score 9, EPSS 0.01082
Exploits 0, References 5