CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

183 matches found

Tenable Nessus•added 2026/05/25 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the...

6.1CVSS5.9AI score0.00067EPSS

Exploits0References3

OSV•added 2026/05/22 8:16 p.m.•3 views

DEBIAN-CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00067EPSS

Exploits0References1

NVD•added 2026/05/22 8:16 p.m.•4 views

CVE-2026-40295

6.1CVSS0.00067EPSS

Exploits0References2

UbuntuCve•added 2026/05/22 8:16 p.m.•4 views

CVE-2026-40295

6.1CVSS5.9AI score0.00067EPSS

Exploits0References3

OSV•added 2026/05/22 8:16 p.m.•2 views

UBUNTU-CVE-2026-40295

6.1CVSS5.8AI score0.00067EPSS

Exploits0References4

CVE•added 2026/05/22 7:10 p.m.•15 views

CVE-2026-40295

CVE-2026-40295 affects Devise (Rails/Warden) where FailureApp#redirect_url returns request.referrer for non-GET timeouts, enabling open redirects to attacker-controlled URLs. This occurs in Devise 5.0.3 and earlier and can cause phishing or malware delivery by redirecting expired-session users to...

6.1CVSS5.8AI score0.00067EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/22 7:10 p.m.•5 views

CVE-2026-40295 Devise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

6.1CVSS0.00067EPSS

Exploits0References2

Debian CVE•added 2026/05/22 7:10 p.m.•6 views

CVE-2026-40295

6.1CVSS5.8AI score0.00067EPSS

Exploits0

ATTACKERKB•added 2026/05/22 7:10 p.m.•2 views

CVE-2026-40295

6.1CVSS5.8AI score0.00067EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/22 7:10 p.m.•3 views

CVE-2026-40295 Devise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

6.1CVSS5.8AI score0.00067EPSS

Exploits0References2

EUVD•added 2026/05/22 7:10 p.m.•3 views

EUVD-2026-31488

6.1CVSS5.8AI score0.00067EPSS

Exploits0References2

CNNVD•added 2026/05/22 12:0 a.m.•3 views

Devise 输入验证错误漏洞

Devise is an open-source authentication solution based on Warden, developed by heartcombo. Versions of Devise prior to 5.0.3 contained a vulnerability related to input validation. This vulnerability stemmed from the FailureAppredirecturl method returning an unvalidated HTTP Referer header, which...

6.1CVSS5.8AI score0.00067EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/13 3:9 a.m.•5 views

Malicious code in knot-devise-jwt-helper (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

5.8AI score

Exploits0References1

OSV•added 2026/05/13 3:9 a.m.•4 views

MAL-2026-3632 Malicious code in knot-devise-jwt-helper (RubyGems)

5.8AI score

Exploits0References1

OSV•added 2026/05/08 3:41 p.m.•1 views

GHSA-JP94-3292-C3XV Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Summary When the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an...

6.1CVSS6AI score0.00067EPSS

Exploits0References5

Snyk•added 2026/05/08 3:41 p.m.•1 views

Open Redirect

Overview devise is a flexible authentication solution for Rails with Warden. Affected versions of this package are vulnerable to Open Redirect in the FailureAppredirecturl method when handling non-GET requests after a session timeout. An attacker can cause users to be redirected to arbitrary...

6.1CVSS5.9AI score0.00067EPSS

Exploits0References2

Github Security Blog•added 2026/05/08 3:41 p.m.•6 views

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

6.1CVSS6AI score0.00067EPSS

Exploits0References5Affected Software1

RubySec•added 2026/05/08 12:0 a.m.•3 views

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

6.1CVSS6AI score0.00067EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/08 12:0 a.m.•9 views

PT-2026-39182

Name of the Vulnerable Software and Affected Versions Devise versions 5.0.3 and earlier Description When the Timeoutable module is enabled, the FailureAppredirect url method returns the request.referrer the HTTP Referer header without validation for any non-GET request that results in a session...

6.1CVSS5.9AI score0.00067EPSS

Exploits0References6

Veracode•added 2026/03/21 5:28 a.m.•5 views

Devise Has A Confirmable "change Email" Race Condition Permits User To Confirm Email They Have No Access To

Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the "reconfirmable" option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...

6CVSS5.9AI score0.00019EPSS

Exploits0Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by