CVE-2026-57435

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This use-after-free vulnerability occurs when replacing the value of an XML attribute. If a Ruby wrapper already points to the attribute's child node, the underlying native child node can be freed while the wrapper remains accessible...

Ruby on Rails Web Console - Remote Code Execution

Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelistedips protection mechanism via a crafted request to request.rb...

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

Ruby On Rails - Local File Inclusion

Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...

EUVD-2026-38069

YARD static cache reads raw traversal paths before router sanitization...

CVE-2026-54905

A flaw was found in concurrent-ruby. The Concurrent::ReentrantReadWriteLock component can incorrectly grant a write lock to a thread while other threads still hold or can acquire read locks. This occurs when a thread acquires a read lock 32,768 times, causing an internal counter to incorrectly...

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

GHSA-Q2GM-54R6-8FWM vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-M578-W5VF-RFCM vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-VWM4-62GF-X745 vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-FM7P-MPRW-WJM9 vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-475M-PH3X-64GP vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-2CW7-V8FF-P88R vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-9CV6-QCJW-4GRX vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-3M6Q-JJ5J-38C9 vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

CVE-2026-54903 vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

CVE-2026-54901 vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

CVE-2026-54898 vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-9PPP-W3G4-FH4Q vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...

GHSA-3V45-F3VH-WG7M vulnerabilities

Vulnerabilities for packages: ruby3.3-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset...