Important: Red Hat Security Advisory: ruby:4.0 security update

An update for the ruby:4.0 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Ruby 竞争条件问题漏洞

Ruby is a cross-platform, object-oriented dynamic type programming language developed by Yukihiro Matsumoto. Prior to Ruby 4.0.5, there was a race condition vulnerability. This vulnerability stemmed from a race condition in the getaddrinfo handling process based on pthread, where reusing resource...

Oracle Linux 9 : ruby (ELSA-2026-18039)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18039 advisory. 3.0.7-166 - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171254 Tenable has extracted the preceding descriptio...

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Net::IMAP 命令注入漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 had command injection vulnerabilities. These vulnerabilities stemmed from the symbolic parameters of commands, which were vulnerable to CRLF...

Lyussfyuring002

lyussfyuring002 web exploitation + OSINT toolkit for people...

CVE-2026-27820

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstreambufferungets function prepends caller-provided bytes ahead of previously produced output but...

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

DEBIAN-CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

Ruby LSP 代码注入漏洞

Ruby LSP is an open-source Ruby language server developed by Shopify. It provides code completion and debugging features. Versions of Ruby LSP prior to 0.10.2 and 0.26.9 contained a code injection vulnerability. This vulnerability stemmed from the fact that the Gemfile generated by rubyLsp.branch...

EUVD-2026-16866

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamablehttptransport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005311)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005311 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name...

ruby:3.3 security update

An update is available for ruby, rubygem-mysql2, rubygem-abrt, rubygem-pg, module.ruby, module.rubygem-pg, module.rubygem-mysql2, module.rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

GHSA-J4PR-3WM6-XX2R URI Credential Leakage Bypass over CVE-2025-27221

Impact In affected URI version, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials. When using the + operator to combine URIs, sensitive information like passwords from the original URI can be leaked, violating RFC3986 and making applications vulnerable to credential...

URI 安全漏洞

URI is a Ruby open source module that provides classes to handle Uniform Resource Identifiers. A security vulnerability exists in URI versions prior to 0.12.5, 0.13.3, and 1.0.4, which stems from the possibility that sensitive information such as passwords in the original URI may be disclosed whe...

EUVD-2025-201812

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

[SECURITY] Fedora 43 Update: ruby-3.4.7-28.fc43

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

rexml: REXML: Denial of Service via inefficient regex parsing

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

EUVD-2010-3119

Malware in sbrugna...