2116 matches found
GHSA-WJV4-X9W8-WM3H vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-5V8H-3H3Q-446P vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-8678-W3JW-XFC2 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, pact-broker-docker-fips, kube-logging-operator, ruby3.2-rails, pact-broker-docker, logstash, ruby3.3-rails, ruby3.4-rails, logstash-fips...
GHSA-H8W8-99G7-QMVJ vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, kube-fluentd-operator...
CVE-2026-54905 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, kube-fluentd-operator...
CVE-2026-54904 vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, kube-fluentd-operator...
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...
GHSA-WFPW-MMFH-QQ69 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, ruby3.2-rails, ruby3.3-rails, logstash...
CVE-2026-54906 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-rails, ruby3.4-rails, ruby3.3-rails...
GHSA-5PRR-V3J2-97MH vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-logging-operator, ruby3.2-rails, ruby3.3-rails, logstash...
GHSA-WV3X-4VXV-WHPP vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-rails, ruby3.4-rails, ruby3.3-rails...
Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)
Question Is the Network IPS system affected by Ruby on Rails vulnerabilities? "Product":"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System","Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Component":"General...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms
HTB Facts — Full Writeup Difficulty: Medium OS: Lin...
Linux Distros Unpatched Vulnerability : CVE-2026-44837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
DEBIAN-CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837
ViewComponent CVE-2026-44837 affects Rails ViewComponent from 3.0.0 to 4.9.0. Root cause: system test entrypoint uses File.realpath and starts_with to check the path, which is not a safe containment check and allows potential sibling-directory escapes. Impact: could permit access to files outside...
EUVD-2026-31971
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
Astra Linux - уязвимость в ruby-rails-html-sanitizer
Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there was a potential XSS vulnerability with certain configurations of Rails::Html::Sanitizer, due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer might allow an attacke...