148 matches found
CVE-2026-33169
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...
EUVD-2026-14630
Rails Active Support has a possible DoS vulnerability in its number helpers...
GHSA-2J26-FRM8-CMJ9 Rails Active Support has a possible DoS vulnerability in its number helpers
Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...
Rails Active Support has a possible DoS vulnerability in its number helpers
Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...
EUVD-2026-14624
Rails Active Support has a possible XSS vulnerability in SafeBuffer%...
GHSA-89VF-4333-QX8V Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Impact SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and then formatted with % using untrusted arguments, the result incorrectly reports htmlsafe? == true, bypassing ERB auto-escaping and possibly leading to XSS...
EUVD-2026-14622
Rails Active Support has a possible ReDoS vulnerability in numbertodelimited...
GHSA-CG4J-Q9V8-6V38 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations. Credit This issue was responsibly reported by Hackerone...
PT-2026-27257
Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description The SafeBuffer% function does not correctly propagate the @html unsafe flag to newly created buffers. If a...
PT-2026-27261
Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description Active Support number helpers are susceptible to a denial-of-service condition. The number helpers accept...
Rails 安全漏洞
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There are security vulnerabilities in versions of Rails Active Support before 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from digital helper functions...
Rails Active Support has a possible DoS vulnerability in its number helpers
Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...
Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact NumberToDelimitedConverter used a regular expression with gsub! to insert thousands delimiters. This could produce quadratic time complexity on long digit strings. Releases The fixed releases are available at the normal locations...
Moxa Active Devices Detection
The current plugin identifies Moxa devices that are still under active support. Moxa Lifecycle Statuses: - Active: Product is currently available and supported. - Discontinued: Product has been phased out and is no longer manufactured or supported. %NASLMINLEVEL 80900 C Tenable Network Security,...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Shares
Summary Multiple vulnerabilities were addressed in IBM Aspera Shares version 1.11.0. Vulnerability Details CVEID:CVE-2017-17718 DESCRIPTION: The Net::LDAP aka net-ldap gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. CWE:CWE-295: Improper Certificate Validation CVSS Source: IBM...
EUVD-2018-0352
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-22796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular expression based DoS vulnerability in Active Support 6.1.7.1 and 7.0.4.1. A specially crafted string passed to the underscore method can cause the...
Axis Communications Active Devices Detection
The current plugin identifies Axis devices that are still under active support. Axis Lifecycle Statuses: - Active: Most current offering within a product category. - End of Life: Discontinued date announced - actively execute migrations and last time buys. Product generally orderable until the...