
8 matches found

Snyk
added 2026/02/10 7:54 p.m. | 5 views

Arbitrary Code Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Code Execution via the Mongoid::Criteria.from_hash function. An attacker can execute arbitrary Ruby code by supplying a specially crafted Hash value. Remediation: Upgrade mongoid to version 7.6.1, 8.0.12, 8.1.12, 9.0.10 or highe...

6.9 CVSS | 6.1 AI score | 0.00196 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/02/10 6:59 p.m. | 23 views

CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

6.9 CVSS | 0.00196 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/10 6:59 p.m. | 4 views

CVE-2026-2302

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

6.9 CVSS | 5.6 AI score | 0.00196 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
MongoDB
added 2026/02/10 6:59 p.m. | 7 views

Unsafe Reflection in Mongoid::Criteria.from_hash

Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...

6.9 CVSS | 5.6 AI score | 0.00196 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/02/10 6:59 p.m. | 11 views

CVE-2026-2302

Technical details about CVE-2026-2302 are not publicly available in the provided connected documents. Monitor for updates; current information includes an arbitrary Ruby code execution condition tied to Mongoid::Criteria.from_hash, but no vendor or version specifics are given here.

6.9 CVSS | 5.6 AI score | 0.00196 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-6226

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.0123 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 5:44 p.m. | 7 views

CVE-2020-14067

The installfromhash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in checkupload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php...

9.8 CVSS | 7 AI score | 0.0123 EPSS
Exploits: 0
CNVD
added 2020/06/15 12:0 a.m. | 1 views

Naviwebs Navigate CMS Code Issue Vulnerability

Naviwebs Navigate CMS is an open source content management system (CMS) from Naviwebs, Inc. in the United States. A security vulnerability exists in the installfromhash function in Naviwebs Navigate CMS version 2.9, which can be exploited by attackers to compromise confidentiality, integrity, and...

9.8 CVSS | 6.9 AI score | 0.0123 EPSS
Exploits: 0 | References: 1