8 matches found

Positive Technologies
added 2026/05/14 12:00 a.m., 12 views

PT-2026-41146

Summary: render toc ul builds a table-of-contents tree from a list of (level, id, text) tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string, with no HTML escaping applied to either value. When heading ID...

CVSS 6.1, AI score 6, EPSS 0.00228
Exploits 1, References 6
Cvelist
added 2026/04/03 10:49 p.m., 14 views

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the `get_all_user_threads` function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

CVSS 9.8, EPSS 0.00533
Exploits 1, References 1
Tenable Nessus
added 2025/08/31 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-55193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be...

CVSS 6.9, AI score 7.1, EPSS 0.00527
Exploits 0, References 2
NVD
added 2025/08/13 11:15 p.m., 1 view

CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

CVSS 6.9, EPSS 0.00527
Exploits 0, References 4
OSV
added 2025/08/13 11:15 p.m., 2 views

DEBIAN-CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

CVSS 6.9, AI score 8.1, EPSS 0.00527
Exploits 0, References 1
OSV
added 2025/08/13 11:15 p.m., 2 views

UBUNTU-CVE-2025-55193

Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in...

CVSS 6.9, AI score 7, EPSS 0.00527
Exploits 0, References 9
CVE
added 2025/08/13 10:41 p.m., 77 views

CVE-2025-55193

CVE-2025-55193 affects Rails Active Record: the ID passed to find-like methods may be logged unescaped, potentially injecting unescaped ANSI sequences if logged to a terminal. The issue is fixed in Rails versions 7.1.5.2, 7.2.2.2, and 8.0.2.1. Public advisories in Debian (DSA-6090) and Fedora/Ope...

CVSS 6.9, AI score 7, EPSS 0.00527
Exploits 0, References 4
CNNVD
added 2025/08/13 12:00 a.m., 0 views

Rails security vulnerability

Rails is an open source web application framework built on the Ruby language by the US-based Rails team. A security vulnerability exists in versions prior to Rails 7.1.5.2, 7.2.2.2, and 8.0.2.1; it stems from the possibility that unescaped IDs may contain ANSI sequences, which could...

CVSS 6.9, AI score 7.9, EPSS 0.00527
Exploits 0, References 5