
12 matches found

Tenable Nessus
added 2026/02/12 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-2302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

6.9 CVSS | 5.9 AI score | 0.00043 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/10 6:59 p.m. | 3 views

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

6.9 CVSS | 5.6 AI score | 0.00043 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-3027

Malicious code in bioql PyPI...

7.8 CVSS | 7.6 AI score | 0.00062 EPSS
Exploits: 0 | References: 13
Prion
added 2021/05/07 4:15 a.m. | 8 views

Cross-site request forgery (CSRF)

The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code for an eval call via the CONSOLE_COMMAND_STRING parameter...

6.8 CVSS | 8.7 AI score | 0.00145 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2021/05/07 3:51 a.m. | 8 views

CVE-2021-32096

The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code for an eval call via the CONSOLE_COMMAND_STRING parameter...

8.9 AI score | 0.00145 EPSS
Exploits: 1 | References: 2
OSV
added 2018/08/13 8:48 p.m. | 11 views

GHSA-HX46-VWMX-WX95 High severity vulnerability that affects actionpack

Withdrawn, accidental duplicate publish. Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method...

7.5 CVSS | 7.4 AI score | 0.86668 EPSS
Exploits: 7 | References: 2
UbuntuCve
added 2016/12/22 10:59 p.m. | 27 views

CVE-2016-7954

Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334...

9.8 CVSS | 7.4 AI score | 0.02779 EPSS
Exploits: 1 | References: 3
NVD
added 2013/08/23 4:55 p.m. | 20 views

CVE-2013-4172

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

8.5 CVSS | 7.5 AI score | 0.00558 EPSS
Exploits: 0 | References: 1
Prion
added 2013/08/23 4:55 p.m. | 16 views

Code injection

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

8.5 CVSS | 8 AI score | 0.00558 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2013/08/19 4:46 p.m. | 1 views

interface: Ruby code injection

The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...

8.5 CVSS | 6.2 AI score | 0.00558 EPSS
Exploits: 0 | References: 4
Cvelist
added 2007/01/04 2:0 a.m. | 14 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

7.5 AI score | 0.00897 EPSS
Exploits: 0 | References: 5
Debian CVE
added 2007/01/04 2:0 a.m. | 16 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

6 CVSS | 6.7 AI score | 0.00897 EPSS
Exploits: 0