Lucene search
K

148 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/23 11:7 p.m.2 views

CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/23 11:7 p.m.5 views

CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/23 9:15 p.m.4 views

EUVD-2026-14630

Rails Active Support has a possible DoS vulnerability in its number helpers...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References7
OSV
OSV
added 2026/03/23 9:15 p.m.6 views

GHSA-2J26-FRM8-CMJ9 Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

8.7CVSS6.6AI score0.0061EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/03/23 9:15 p.m.6 views

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

8.7CVSS5.2AI score0.0061EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2026/03/23 8:53 p.m.4 views

EUVD-2026-14624

Rails Active Support has a possible XSS vulnerability in SafeBuffer%...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References7
OSV
OSV
added 2026/03/23 8:53 p.m.14 views

GHSA-89VF-4333-QX8V Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Impact SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and then formatted with % using untrusted arguments, the result incorrectly reports htmlsafe? == true, bypassing ERB auto-escaping and possibly leading to XSS...

5.3CVSS6.6AI score0.00327EPSS
Exploits0References10
EUVD
EUVD
added 2026/03/23 8:52 p.m.5 views

EUVD-2026-14622

Rails Active Support has a possible ReDoS vulnerability in numbertodelimited...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References7
OSV
OSV
added 2026/03/23 8:52 p.m.1 views

GHSA-CG4J-Q9V8-6V38 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...

6.9CVSS6.5AI score0.00498EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/03/23 8:52 p.m.12 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...

6.9CVSS5AI score0.00498EPSS
Exploits0References10Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.4 views

PT-2026-27257

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The SafeBuffer% function does not correctly propagate the @html unsafe flag to newly created buffers. If a...

6.1CVSS6.1AI score0.00327EPSS
Exploits0References21
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-27261

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description Active Support number helpers are susceptible to a denial-of-service condition. The number helpers accept...

8.7CVSS6.6AI score0.0061EPSS
Exploits0References22
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.8 views

Rails 安全漏洞

Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There are security vulnerabilities in versions of Rails Active Support before 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from digital helper functions...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References8
RubySec
RubySec
added 2026/03/23 12:0 a.m.13 views

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.13 views

Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.6 views

Moxa Active Devices Detection

The current plugin identifies Moxa devices that are still under active support. Moxa Lifecycle Statuses: - Active: Product is currently available and supported. - Discontinued: Product has been phased out and is no longer manufactured or supported. %NASLMINLEVEL 80900 C Tenable Network Security,...

5.7AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/05 2:45 p.m.31 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Shares

Summary Multiple vulnerabilities were addressed in IBM Aspera Shares version 1.11.0. Vulnerability Details CVEID:CVE-2017-17718 DESCRIPTION: The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. CWE:CWE-295: Improper Certificate Validation CVSS Source: IBM...

10CVSS8.9AI score0.63792EPSS
Exploits7Affected Software5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0352

Malware in sbrugna...

10CVSS9.3AI score0.06129EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-22796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the...

7.5CVSS6.6AI score0.01712EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/26 12:0 a.m.3 views

Axis Communications Active Devices Detection

The current plugin identifies Axis devices that are still under active support. Axis Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and last time buys. Product generally orderable until the...

5.5AI score
Exploits0References1
Rows per page
Query Builder