
4 matches found

Vulnrichment
added 2026/05/08 9:26 p.m., 8 views

CVE-2026-42205 Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class descendants of...

CVSS 8.8, AI score 5.7, EPSS 0.00295
Exploits: 0, References: 2
CVE
added 2026/05/08 9:26 p.m., 15 views

CVE-2026-42205

CVE-2026-42205 (Avo) affects the Avo framework for Ruby on Rails. The issue resides in the ActionsController’s insecure action lookup, which can ignore resource context and let an authenticated user execute any action class (descendants of Avo::BaseAction) on any resource. This creates privilege ...

CVSS 8.8, AI score 5.7, EPSS 0.00295
Exploits: 0, References: 2
Fedora
added 2015/09/04 5:20 a.m., 37 views

[SECURITY] Fedora 22 Update: struts-1.3.10-14.fc22

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm,...

CVSS 7.5, AI score 1.5, EPSS 0.21261
Exploits: 0
Fedora
added 2014/08/23 2:0 a.m., 87 views

[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20

Welcome to the Struts Framework! The goal of this project is to provide an open source framework useful in building web applications with Java Servlet and JavaServer Pages (JSP) technology. Struts encourages application architectures based on the Model-View-Controller (MVC) design paradigm,...

CVSS 7.5, AI score 1.5, EPSS 0.95821
Exploits: 4