Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

34 matches found

Tenable Nessus
Tenable Nessusadded 2026/04/04 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2026-34826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limitin...

7.5CVSS6.5AI score0.0041EPSS
Exploits1References4
SUSE CVE
SUSE CVEadded 2026/04/03 11:24 p.m.2 views

SUSE CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.00041EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2026/04/03 11:24 p.m.2 views

SUSE CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00065EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/02 6:44 p.m.1 views

EUVD-2026-18382

Rack::Static prefix matching can expose unintended files under the static root...

7.5CVSS5.8AI score0.00047EPSS
Exploits0References2
NVD
NVDadded 2026/04/02 5:16 p.m.3 views

CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS0.00041EPSS
Exploits0References1
OSV
OSVadded 2026/04/02 5:16 p.m.1 views

DEBIAN-CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.2AI score0.00041EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.1 views

CVE-2026-34763

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates the configured root path directly into a regular expression when deriving the displayed directory path. If root contains regex metacharacters such as +, , or ., the prefix...

5.3CVSS5.8AI score0.00041EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.0 views

CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS5.8AI score0.00047EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.0 views

CVE-2026-34230

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a respon...

7.5CVSS5.7AI score0.00022EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.1 views

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

5.3CVSS5.8AI score0.00014EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.0 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.9AI score0.00044EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/04/02 5:16 p.m.0 views

CVE-2026-34831

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Filesfail sets the Content-Length response header using Stringsize instead of Stringbytesize. When the response body contains multibyte UTF-8 characters, the declared Content-Length is smaller than the...

6.5CVSS5.8AI score0.00041EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/04/02 4:47 p.m.1 views

CVE-2026-34830

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...

7.5CVSS5.3AI score0.00047EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/04/02 4:46 p.m.1 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00065EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVEadded 2026/04/02 4:46 p.m.3 views

CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.3AI score0.00065EPSS
Exploits0
Cvelist
Cvelistadded 2026/04/02 4:45 p.m.17 views

CVE-2026-34826 Rack: Unbounded Range Count in get_byte_ranges Enables DoS

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

5.3CVSS0.00021EPSS
Exploits0References1
Debian CVE
Debian CVEadded 2026/04/02 4:44 p.m.2 views

CVE-2026-34786

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Staticapplicablerules evaluates several headerrules types against the raw URL-encoded PATHINFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a...

5.3CVSS5.3AI score0.00044EPSS
Exploits0
Cvelist
Cvelistadded 2026/04/02 4:44 p.m.12 views

CVE-2026-34785 Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

7.5CVSS0.00047EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/02 4:42 p.m.5 views

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

3.7CVSS5.8AI score0.00014EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/02 12:0 a.m.1 views

PT-2026-29817

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack's Rack::Multipart::Parser does not limit the size of multipart uploads when a Content-Length header is not present, such as with HTTP chunked transfer encoding. Specifically, wh...

7.5CVSS5.9AI score0.00065EPSS
Exploits0References36
Rows per page
Query Builder