Lucene search
+L

24 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2006

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00349EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/02/14 2:50 a.m.23 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

6.1CVSS5.8AI score0.00349EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.5 views

Malicious code in active-admin_import (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cb848e010b1e1088fe1ff6ed7fe395e591d19e092a68bbca431192385118b63 --- Credit: OpenSSF source...

5.3AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.10 views

Malicious code in active-admin_theme (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57f7abc3b5528b7993f73345e9e285184292f6c22373326d1085fc23f1d93255 --- Credit: OpenSSF source...

5.3AI score
Exploits0References3
OSV
OSV
added 2024/06/25 1:46 p.m.10 views

MAL-2024-6392 Malicious code in active-admin_globalize3_locale_selector (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSV
OSV
added 2024/06/25 1:46 p.m.12 views

MAL-2024-6391 Malicious code in active-admin_filters_visibility (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.6 views

Malicious code in active-admin_filters_visibility (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ef355112d46a1052b919305d88469fdad609119516eba16ba1e8c07f93271aea --- Credit: OpenSSF source...

5.3AI score
Exploits0References3
OSV
OSV
added 2024/06/25 1:46 p.m.14 views

MAL-2024-6390 Malicious code in active-admin-duplicatable (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.8 views

Malicious code in active-admin-duplicatable (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b36fa685c2825b172204763cbf32a22d03886a37723cde120a5daf5ef8fbcac7 --- Credit: OpenSSF source...

5.3AI score
Exploits0References3
OSV
OSV
added 2024/06/25 1:46 p.m.13 views

MAL-2024-6389 Malicious code in active-admin-advanced_create_another (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:46 p.m.9 views

Malicious code in active-admin-advanced_create_another (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 16b5ea2a21dca3777097b41417e963ab50429fd264f6c679cc002716b1bc9eb3 --- Credit: OpenSSF source...

5.3AI score
Exploits0References3
NVD
NVD
added 2024/06/03 6:15 a.m.43 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

6.1CVSS5.7AI score0.00349EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/03 5:54 a.m.13 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

6.2AI score0.00349EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/03 5:54 a.m.46 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

5.7AI score0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/02 12:0 a.m.10 views

PT-2024-27254 · Unknown · Activeadmin

Name of the Vulnerable Software and Affected Versions: Active Admin versions prior to 3.2.2 Active Admin version 4.0.0.beta7 is a fixed version, implying versions prior to 4.0.0.beta7 are also affected, but since 3.2.2 is mentioned as a fixed version, we only consider versions prior to 3.2.2 as...

7.2CVSS5.9AI score0.00349EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2023/12/28 11:15 p.m.2 views

CVE-2023-50448

In ActiveAdmin aka Active Admin before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data that belongs to another user by making CSV export requests at certain specific times...

6.5CVSS6.6AI score0.00496EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/28 12:0 a.m.3 views

Active Admin security vulnerability

Active Admin is Active Admin open source a Ruby on Rails framework . It is used to create a backend for website management. A security vulnerability exists in versions prior to Active Admin 2.12.0 that originated from allowing an attacker to access another user's private data by initiating a CSV...

6.5CVSS6.7AI score0.00496EPSS
Exploits0References3
CVE
CVE
added 2023/12/28 12:0 a.m.64 views

CVE-2023-50448

Summary: CVE-2023-50448 affects ActiveAdmin (Ruby on Rails) before 2.12.0, where a concurrency issue in the CSV export path can let a user access data belonging to another user. The root cause is a shared, unsynchronized variable that holds the collection to be exported, allowing timing-based lea...

6.5CVSS6.3AI score0.00496EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2023/12/26 7:13 a.m.21 views

CSV Injection

Active Admin is vulnerable to CSV Injection. This vulnerability is due to missing sanitization while exporting a CSV file. An attacker can inject malicious data to a CSV file such as =, +, -', @, \t, \r which results in arbitrary macro execution if the csv file is opened in software such as excel...

9.8CVSS6.9AI score0.0095EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/12/24 12:0 a.m.63 views

CVE-2023-51763

ActiveAdmin CSV injection CVE-2023-51763 affects csv_builder.rb in ActiveAdmin prior to 3.2.0. The underlying issue is that spreadsheet formulas could be uploaded/exported via CSV, allowing injection when opened in programs like LibreOffice. The Red Hat and GitHub advisories corroborate the issue...

9.8CVSS9.5AI score0.0095EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder