RHEL 8 : ruby:3.1 (RHSA-2025:4063)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4063 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

CVE-2025-28027

CVE-2025-28027 affects TOTOLINK devices A830R (4.1.2cu.5182_B20201102), A950RG (4.1.2cu.5161_B20200903), A3000RU (5.9c.5185_B20201128), and A3100R (4.1.2cu.5247_B20211129) with a buffer overflow in downloadFile.cgi. CVSS 3.1 base score 7.3 (HIGH); attack vector: NETWORK, attack complexity: LOW, p...

TOTOLINK A3700R cstecgi.cgi setUPnPCfg Improper Access Control Vulnerability

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity and management. The TOTOLINK A3700R suffers from an improper access control vulnerability that originates from improper access control of the setUPnPCfg function in the file /cgi-bin/cstecgi.cgi. No detailed...

Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

ALSA-2025:4063 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

Azure Linux 3.0 Security Update: ruby (CVE-2025-27219)

The version of ruby installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory. - In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential...

Ubuntu: Security Advisory (USN-7442-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7442-1: Ruby vulnerabilities

It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...

USN-7442-1 ruby2.3, ruby2.5 vulnerabilities

It was discovered that the Ruby CGI gem incorrectly handled parsing certain cookies. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. CVE-2025-27219 It was discovered that the Ruby CGI gem incorrectly handled parsing certain regular expressions...

ROS-20250417-12

Vulnerability in cgi gem software tool due to insufficient input validation when processing unreliable input using regular expressions in CGI::UtilescapeElement. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in the cgi gem...

CVE-2025-3663

A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The...

TOTOLINK A3700R 安全漏洞

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity and management. The TOTOLINK A3700R suffers from an improper access control vulnerability that originates from improper access control of the setUPnPCfg function in the file /cgi-bin/cstecgi.cgi. No detailed...

TOTOLINK A3700R 安全漏洞

The TOTOLINK A3700R is a wireless router that provides wireless network connectivity. The TOTOLINK A3700R suffers from an access control error vulnerability that stems from the /cgi-bin/cstecgi.cgi file setWiFiEasyGuestCfg function failing to correctly handle a specific request. No detailed...

📄 GestioIP 3.5.7 Remote Command Execution

GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...

Medium: ruby3.2

Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the...

Amazon Linux 2023 : ruby3.2, ruby3.2-bundled-gems, ruby3.2-default-gems (ALAS2023-2025-929)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-929 advisory. Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for...

Medium: ruby3.2

Issue Overview: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the...

Exploit for OS Command Injection in Php

CVE-2024-4577 usage: CVE-2024-4577.py -h -v RHOST RPO...

USN-7418-1: Ruby vulnerabilities

It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS, Ubuntu 24.04...

CVE-2025-29462

A buffer overflow vulnerability has been discovered in Tenda Ac15 V15.13.07.13. The vulnerability occurs when the webCgiGetUploadFile function calls the socketRead function to process HTTP request messages, resulting in the overwriting of a buffer on the stack...