
112 matches found

Redos
added 2026/05/06 12:0 a.m., 2 views

ROS-20260506-73-0040

Vulnerability in rubygem-actionview due to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

2.3 CVSS, 6.2 AI score, 0.00026 EPSS
Exploits 0
Snyk
added 2026/03/24 12:32 a.m., 2 views

Cross-site Scripting (XSS)

Overview: actionview is a set of simple, battle-tested conventions and helpers for building web pages. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via custom HTML attributes passed in to tag helpers. An attacker can inject scripts that may be executed in the context of th...

4.7 CVSS, 5.5 AI score, 0.00026 EPSS
Exploits 0, References 2
OSV
added 2026/03/13 12:0 a.m., 1 views

OPENSUSE-SU-2026:10340-1 ruby4.0-rubygem-actionview-8.0-8.0.3-1.3 on GA media

These are all security issues fixed in the ruby4.0-rubygem-actionview-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed...

2.3 CVSS, 5.8 AI score, 0.0019 EPSS
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-0332

Malware in sbrugna...

4.8 CVSS, 6.3 AI score, 0.00887 EPSS
Exploits 1, References 13
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-0269

Malware in sbrugna...

4.3 CVSS, 7.3 AI score, 0.00885 EPSS
Exploits 0, References 19
Hacker One
added 2025/01/11 6:22 a.m., 999 views

Internet Bug Bounty: #2931639 ActionView sanitize helper bypass with math-related tags

There is a vulnerability in Rails-HTML-Sanitizer 1.6.0, which is also used by Rails ActionView. The vulnerability allows for bypassing the sanitization process when certain math-related tags, such as "math", "mtext", "table", "style", and "mglyph" or "malignmark", are allowed. This could lead to...

6.1 AI score
Exploits 0
Hacker One
added 2025/01/11 6:18 a.m., 921 views

Internet Bug Bounty: ActionView sanitize helper bypass with style and math

The Rails-html-sanitizer version 1.6.0 was affected by a vulnerability that could lead to a bypass of the sanitization process, resulting in potential cross-site scripting (XSS) attacks. The vulnerability was addressed in version 1.6.1...

5.9 AI score
Exploits 0
Hacker One
added 2025/01/11 6:1 a.m., 896 views

Internet Bug Bounty: ActionView sanitize helper bypass with 'style' and 'svg' tags

The Rails-html-sanitizer, which Rails ActionView also uses, failed to sanitize input when svg and style or math and style tags were allowed. This resulted in a potential XSS vulnerability in applications that used the sanitize helper...

6.1 AI score
Exploits 0
Tenable Nessus
added 2024/11/04 12:0 a.m., 16 views

RHEL 6 / 7 : rh-ror41 (RHSA-2016:0456)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0456 advisory. The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller (MVC) framework for web application...

7.5 CVSS, 7.1 AI score, 0.86668 EPSS
Exploits 17, References 6
OSV
added 2024/09/13 11:5 a.m., 7 views

RHSA-2016:1856 Red Hat Security Advisory: rh-ror41-rubygem-actionview security update

Bulletin has no description...

6.1 CVSS, 6.3 AI score, 0.01626 EPSS
Exploits 0, References 8
OSV
added 2024/06/28 11:8 a.m., 1 views

OESA-2024-1776 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks. CVE-2023-23913...

6.3 CVSS, 6.2 AI score, 0.00207 EPSS
Exploits 0, References 2
OSV
added 2024/06/28 11:8 a.m., 1 views

OESA-2024-1775 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks. CVE-2023-23913...

6.3 CVSS, 6.2 AI score, 0.00207 EPSS
Exploits 0, References 2
OSV
added 2024/06/28 11:8 a.m., 2 views

OESA-2024-1774 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting (XSS), which could lead to stolen information, phishing attacks, and other types of attacks. CVE-2023-23913...

6.3 CVSS, 6.2 AI score, 0.00207 EPSS
Exploits 0, References 2
OSSF Malicious Packages
added 2024/06/25 1:46 p.m., 3 views

Malicious code in actionview-link-to_block (RubyGems)

7 AI score
Exploits 0, References 1
OSV
added 2024/06/25 1:46 p.m., 4 views

MAL-2024-6388 Malicious code in actionview-link-to_block (RubyGems)

7.1 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 2024/06/25 1:46 p.m., 3 views

Malicious code in actionview-link-to_blank (RubyGems)

7 AI score
Exploits 0, References 1
OSV
added 2024/06/25 1:46 p.m., 8 views

MAL-2024-6387 Malicious code in actionview-link-to_blank (RubyGems)

7.1 AI score
Exploits 0, References 1
OSV
added 2024/06/15 12:0 a.m., 19 views

OPENSUSE-SU-2024:11823-1 ruby3.1-rubygem-actionview-6.0-6.0.4.4-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-actionview-6.0-6.0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 6.9 AI score, 0.94318 EPSS
Exploits 21, References 5
OSV
added 2024/06/15 12:0 a.m., 9 views

OPENSUSE-SU-2024:11321-1 ruby2.7-rubygem-actionview-6.0-6.0.4-1.2 on GA media

These are all security issues fixed in the ruby2.7-rubygem-actionview-6.0-6.0.4-1.2 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 6.5 AI score, 0.94318 EPSS
Exploits 21, References 5
OSV
added 2024/06/15 12:0 a.m., 15 views

OPENSUSE-SU-2024:10057-1 ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 on GA media

These are all security issues fixed in the ruby2.2-rubygem-actionview-4_2-4.2.7.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 7.2 AI score, 0.86668 EPSS
Exploits 7, References 1