Lucene search
K

138 matches found

CBLMariner
CBLMariner
added 2026/04/16 2:25 a.m.6 views

CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2

CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2. A patched version of the package is available...

5.8CVSS7.3AI score0.00351EPSS
Exploits0
Photon
Photon
added 2026/02/13 12:0 a.m.8 views

Important Photon OS Security Update - PHSA-2026-5.0-0762

Updates of 'rubygem-faraday', 'postgresql15', 'postgresql14' packages of Photon OS have been released...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/11 12:23 a.m.3 views

SUSE CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.8AI score0.00351EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/10 3:9 a.m.8 views

CVE-2026-25765

A flaw was found in Faraday, an HTTP client library. The buildexclusiveurl method, which combines a base URL with a user-supplied path, incorrectly processes protocol-relative URLs e.g., //evil.com/path. This allows a remote attacker to supply a specially crafted URL, leading to Server-Side Reque...

5.8CVSS5.4AI score0.00351EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-25765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in...

5.8CVSS5.6AI score0.00351EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/09 10:22 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the buildexclusiveurl function in the connection.rb‎ file. An attacker can cause requests to be sent to arbitrary hosts by supplying a protocol-relative URL as input. Workaround This vulnerability ca...

6.9CVSS5.9AI score0.00351EPSS
Exploits0References2
OSV
OSV
added 2026/02/09 9:15 p.m.5 views

DEBIAN-CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.6AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 9:15 p.m.6 views

AZL-77639 CVE-2026-25765 affecting package rubygem-faraday 2.5.2-1

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.9AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 9:15 p.m.7 views

AZL-77631 CVE-2026-25765 affecting package rubygem-faraday 2.7.10-1

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.9AI score0.00351EPSS
Exploits0References1
NVD
NVD
added 2026/02/09 9:15 p.m.8 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS0.00351EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/02/09 9:15 p.m.7 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS7.3AI score0.00351EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/09 8:37 p.m.15 views

Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...

5.8CVSS5.7AI score0.00351EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/02/09 8:37 p.m.5 views

GHSA-33MH-2634-FWR2 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Impact Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986, protocol-relative URLs e.g. //evil.com/path are treated as network-path references that override the base URL's host/authority...

5.8CVSS5.8AI score0.00351EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/02/09 8:30 p.m.32 views

CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/09 8:30 p.m.5 views

CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.8AI score0.00351EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:30 p.m.5 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.8AI score0.00351EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/09 8:30 p.m.5 views

CVE-2026-25765 Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.8AI score0.00351EPSS
Exploits0References5
CVE
CVE
added 2026/02/09 8:30 p.m.41 views

CVE-2026-25765

CVE-2026-25765 affects Faraday (an HTTP client abstraction). The vulnerability arises in build_exclusive_url (lib/faraday/connection.rb) which uses URI#merge; protocol-relative URLs (e.g., //evil.com/…) override the base URL’s host, enabling potential SSRF if user-controlled input is passed to ge...

5.8CVSS5.8AI score0.00351EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/02/09 8:30 p.m.5 views

CVE-2026-25765

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Prior to 2.14.1, Faraday's buildexclusiveurl method in lib/faraday/connection.rb uses Ruby's URImerge to combine the connection's base URL with a user-supplied path. Per RFC 3986,...

5.8CVSS5.6AI score0.00351EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.6 views

faraday 代码问题漏洞

Faraday is an open-source HTTP client library developed by Lostisland. Versions of Faraday prior to 2.14.1 contained code vulnerabilities. These vulnerabilities stemmed from the use of the Ruby URImerge method to handle user input, which could lead to server-side request forgeing attacks...

5.8CVSS5.9AI score0.00351EPSS
Exploits0References3
Rows per page
Query Builder