Lucene search
K

148 matches found

OSV
OSV
added 2026/03/24 12:16 a.m.7 views

DEBIAN-CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

5.3CVSS4.4AI score0.00498EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 12:16 a.m.7 views

DEBIAN-CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

7.5CVSS4.7AI score0.0061EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/24 12:16 a.m.3 views

CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/03/24 12:16 a.m.4 views

CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.9AI score0.00327EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/03/24 12:16 a.m.6 views

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.9AI score0.0061EPSS
Exploits0References8
OSV
OSV
added 2026/03/24 12:16 a.m.6 views

UBUNTU-CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References9
OSV
OSV
added 2026/03/24 12:16 a.m.8 views

UBUNTU-CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.8AI score0.00327EPSS
Exploits0References9
OSV
OSV
added 2026/03/24 12:16 a.m.6 views

UBUNTU-CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.7AI score0.00498EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/23 11:29 p.m.21 views

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS0.0061EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:29 p.m.3 views

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 11:29 p.m.4 views

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/03/23 11:29 p.m.6 views

CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS4.6AI score0.0061EPSS
Exploits0
OSV
OSV
added 2026/03/23 11:29 p.m.7 views

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.9AI score0.0061EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/03/23 11:9 p.m.28 views

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

5.3CVSS0.00327EPSS
Exploits0References7
CVE
CVE
added 2026/03/23 11:9 p.m.18 views

CVE-2026-33170

CVE-2026-33170 concerns Active Support (Rails core extensions) where SafeBuffer#% fails to propagate the @html_unsafe flag to a newly created buffer. This can cause in-place mutations (e.g., gsub!) followed by formatting with % using untrusted input to produce a result where html_safe? remains tr...

6.1CVSS5.8AI score0.00327EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 11:9 p.m.2 views

CVE-2026-33170 Rails Active Support has a possible XSS vulnerability in SafeBuffer#%

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/23 11:7 p.m.1 views

CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:7 p.m.1 views

CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/03/23 11:7 p.m.28 views

CVE-2026-33169

CVE-2026-33169 affects Active Support (Rails core extensions). The issue arises in NumberToDelimitedConverter, which uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Interaction between a repeated lookahead group and gsub! can cause quadratic time complexity on...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/23 11:7 p.m.21 views

CVE-2026-33169 Rails Active Support has a possible ReDoS vulnerability in number_to_delimited

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS0.00498EPSS
Exploits0References7
Rows per page
Query Builder