44 matches found

Snyk
added 2026/03/24 12:32 a.m., 2 views

Cross-site Scripting (XSS)

Overview: activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the @html_unsafe flag used by the SafeBuffer#% function. An attacker can inject scripts by providing...

CVSS 6.1, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 2
OSV
added 2026/03/24 12:16 a.m., 3 views

DEBIAN-CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

CVSS 6.1, AI score 5.3, EPSS 0.00327
Exploits: 0, References: 1
Vulnrichment
added 2026/03/23 11:09 p.m., 1 view

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

CVSS 5.3, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 7
OSV
added 2026/03/23 11:09 p.m., 3 views

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

CVSS 5.3, AI score 5.9, EPSS 0.00327
Exploits: 0, References: 9
CVE
added 2026/03/23 11:09 p.m., 16 views

CVE-2026-33170

CVE-2026-33170 concerns Active Support (Rails core extensions) where SafeBuffer#% fails to propagate the @html_unsafe flag to a newly created buffer. This can cause in-place mutations (e.g., gsub!) followed by formatting with % using untrusted input to produce a result where html_safe? remains tr...

CVSS 6.1, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 7, Affected software: 1
Debian CVE
added 2026/03/23 11:09 p.m., 4 views

CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

CVSS 6.1, AI score 5.3, EPSS 0.00327
Exploits: 0
Cvelist
added 2026/03/23 11:09 p.m., 25 views

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

CVSS 5.3, EPSS 0.00327
Exploits: 0, References: 7
EUVD
added 2026/03/23 8:53 p.m., 3 views

EUVD-2026-14624

Rails Active Support has a possible XSS vulnerability in SafeBuffer#%...

CVSS 5.3, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 7
OSV
added 2026/03/23 8:53 p.m., 14 views

GHSA-89VF-4333-QX8V Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Impact: SafeBuffer#% does not propagate the @html_unsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and then formatted with % using untrusted arguments, the result incorrectly reports html_safe? == true, bypassing ERB auto-escaping and possibly leading to XSS...

CVSS 5.3, AI score 6.6, EPSS 0.00327
Exploits: 0, References: 10
EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2017-0294

Malware in sbrugna...

CVSS 4.3, AI score 6, EPSS 0.02137
Exploits: 0, References: 9
Tenable Nessus
added 2025/08/30 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28120

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. CVE-2023-28120 Note that Nessus reli...

CVSS 5.3, AI score 6.4, EPSS 0.00907
Exploits: 0, References: 2
NVD
added 2025/01/09 1:15 a.m., 14 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS 5.3, EPSS 0.00907
Exploits: 0, References: 6
OSV
added 2025/01/09 1:15 a.m., 12 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS 5.3, AI score 6.6, EPSS 0.00907
Exploits: 0, References: 6
OSV
added 2025/01/09 1:15 a.m., 3 views

DEBIAN-CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS 5.3, AI score 5.9, EPSS 0.00907
Exploits: 0, References: 1
OSV
added 2025/01/09 1:15 a.m., 0 views

UBUNTU-CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

CVSS 5.3, AI score 6.6, EPSS 0.00907
Exploits: 0, References: 4
Cvelist
added 2025/01/09 12:33 a.m., 34 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

EPSS 0.00907
Exploits: 0, References: 6
Vulnrichment
added 2025/01/09 12:33 a.m., 12 views

CVE-2023-28120

There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input...

AI score 7.1, EPSS 0.00907
Exploits: 0, References: 6
OSV
added 2024/07/05 11:08 a.m., 1 view

OESA-2024-1799 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

CVSS 5.3, AI score 7, EPSS 0.00907
Exploits: 0, References: 2
OSV
added 2024/07/05 11:08 a.m., 2 views

OESA-2024-1797 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

CVSS 5.3, AI score 7, EPSS 0.00907
Exploits: 0, References: 2
OSV
added 2024/07/05 11:08 a.m., 2 views

OESA-2024-1800 rubygem-activesupport security update

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing. Security Fixes: A Cross-Site-Scripting vulnerability was found in rubygem ActiveSupport. If the new bytesplice method is...

CVSS 5.3, AI score 7, EPSS 0.00907
Exploits: 0, References: 2