CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

217 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in Rails

An XSS vulnerability exists in the Action View tag helpers versions 5.2.0 and below, which would allow an attacker to inject content if they can control the input into specific attributes...

6.1CVSS6.1AI score0.01485EPSS

Exploits1References1

SUSE CVE•added 2026/03/25 12:24 a.m.•6 views

SUSE CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References3

Tenable Nessus•added 2026/03/25 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank stri...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References3

RedhatCVE•added 2026/03/24 11:7 a.m.•9 views

CVE-2026-33168

A flaw was found in Action View, a component of the Rails framework. When a blank string is used as an HTML attribute name in Action View tag helpers, it bypasses attribute escaping, producing malformed HTML. A remote attacker could exploit this by crafting a malicious attribute value, which a we...

5.4CVSS5.8AI score0.00516EPSS

Exploits0References10

NVD•added 2026/03/23 11:17 p.m.•6 views

CVE-2026-33168

2.3CVSS0.00516EPSS

Exploits0References7

OSV•added 2026/03/23 11:17 p.m.•6 views

DEBIAN-CVE-2026-33168

2.3CVSS5.4AI score0.00516EPSS

Exploits0References1

OSV•added 2026/03/23 11:17 p.m.•8 views

UBUNTU-CVE-2026-33168

2.3CVSS5.8AI score0.00516EPSS

Exploits0References9

Cvelist•added 2026/03/23 11:1 p.m.•22 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS0.00516EPSS

Exploits0References7

CVE•added 2026/03/23 11:1 p.m.•13 views

CVE-2026-33168

CVE-2026-33168 (Rails / Action View) affects Rails’ Action View tag helpers. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, using a blank string as an HTML attribute name bypasses attribute escaping, producing malformed HTML. A crafted attribute could be misinterpreted by the browser as a new a...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References7

Vulnrichment•added 2026/03/23 11:1 p.m.•3 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS5.8AI score0.00516EPSS

Exploits0References7

ATTACKERKB•added 2026/03/23 11:1 p.m.•2 views

CVE-2026-33168

2.3CVSS5.8AI score0.00516EPSS

Exploits0References8Affected Software1

Debian CVE•added 2026/03/23 11:1 p.m.•4 views

CVE-2026-33168

2.3CVSS5.4AI score0.00516EPSS

Exploits0

OSV•added 2026/03/23 11:1 p.m.•4 views

CVE-2026-33168 Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS5.8AI score0.00516EPSS

Exploits0References9

Github Security Blog•added 2026/03/23 8:51 p.m.•11 views

Rails has a possible XSS vulnerability in its Action View tag helpers

Impact When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Application...

2.3CVSS5.3AI score0.00516EPSS

Exploits0References10Affected Software1

EUVD•added 2026/03/23 8:51 p.m.•5 views

EUVD-2026-14616

Rails has a possible XSS vulnerability in its Action View tag helpers...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References7

OSV•added 2026/03/23 8:51 p.m.•10 views

GHSA-V55J-83PF-R9CQ Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS5.8AI score0.00516EPSS

Exploits0References10

CNNVD•added 2026/03/23 12:0 a.m.•6 views

Rails 跨站脚本漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Versions of Rails prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 contained a cross-site scripting vulnerability. This vulnerability occurred when empty strings were used as HTML...

2.3CVSS5.7AI score0.00516EPSS

Exploits0References8

RubySec•added 2026/03/23 12:0 a.m.•9 views

Rails has a possible XSS vulnerability in its Action View tag helpers

2.3CVSS5.8AI score0.00516EPSS

Exploits0References1Affected Software1

GitLab Advisory Database•added 2026/03/23 12:0 a.m.•8 views

Rails has a possible XSS vulnerability in its Action View tag helpers

When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that...

2.3CVSS5.8AI score0.00516EPSS

Exploits0References10Affected Software1

Positive Technologies•added 2026/03/23 12:0 a.m.•5 views

PT-2026-27255

Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Action View tag helpers are susceptible to an issue where attribute escaping is bypassed when a blank string is used as an HTML attribu...

2.3CVSS5.6AI score0.00516EPSS

Exploits0References20

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by