CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-2418

Malware in sbrugna...

8.1CVSS8AI score0.00255EPSS

Exploits1References8

Snyk•added 2021/12/08 12:8 p.m.•34 views

Authentication Bypass

Overview Affected versions of this package are vulnerable to Authentication Bypass when a password's salt is unknown. If the secret key base variable is somehow leaked, an attacker can become any user by misusing the masquerade back functionality of this Devise extension, something that is not...

8.1CVSS7AI score0.00255EPSS

Exploits1References2

CNVD•added 2021/12/08 12:0 a.m.•9 views

Alexandr Korsak Devise Masquerade has an unspecified vulnerability

Alexandr Korsak Devise Masquerade is a library of utilities from the Spanish company Alexandr Korsak. Alexandr Korsak Devise Masquerade is a security vulnerability that could be exploited by attackers to emulate any user on the site...

8.1CVSS4.4AI score0.00255EPSS

Exploits1References1

ATTACKERKB•added 2021/12/07 9:15 p.m.•1 views

CVE-2021-28680

The devisemasquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...

8.1CVSS5.6AI score0.00255EPSS

Exploits1References3