Lucene search
K

4 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Ruby2.5, JRuby

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby, up to 3.2.1. The Time parser improperly handles invalid URLs that contain specific characters. This causes an increase in execution time when parsing strings into Time objects. The fixed versions are 0.1.1 and 0.2.2...

5.3CVSS7.1AI score0.02452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 8:2 p.m.11 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.00357EPSS
Exploits2References1
EUVD
EUVD
added 2026/04/08 12:6 a.m.3 views

EUVD-2026-19790

coursevault-preview has a path traversal due to improper base-directory boundary validation...

5.1CVSS5.9AI score0.00141EPSS
Exploits1References2
OSV
OSV
added 2026/03/10 5:40 p.m.3 views

CVE-2026-30977 RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...

2CVSS5.8AI score0.00472EPSS
Exploits0References5
Rows per page
Query Builder