Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Debian CVE
Debian CVEadded 2025/09/17 5:45 p.m.3 views

CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...

5.3CVSS7AI score0.00084EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-0903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypa...

9.8CVSS8.1AI score0.05545EPSS
Exploits1References2
Cvelist
Cvelistadded 2025/04/28 4:2 p.m.21 views

CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6CVSS0.00393EPSS
Exploits0References6
Github Security Blog
Github Security Blogadded 2025/03/03 10:5 p.m.19 views

CGI has Regular Expression Denial of Service (ReDoS) potential in Util#escapeElement

There is a possibility for Regular expression Denial of Service ReDoS by in the cgi gem. This vulnerability has been assigned the CVE identifier CVE-2025-27220. We recommend upgrading the cgi gem. Details The regular expression used in CGI::UtilescapeElement is vulnerable to ReDoS. The crafted...

7.5CVSS7AI score0.00246EPSS
Exploits0References10Affected Software1
OSV
OSVadded 2024/08/01 3:15 p.m.3 views

AZL-47376 CVE-2024-41946 affecting package rubygem-rexml for versions less than 3.3.4-1

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...

7.5CVSS7.3AI score0.00679EPSS
Exploits0References1
OSV
OSVadded 2022/01/22 11:3 a.m.3 views

OESA-2022-1497 ruby security update

Object-oriented scripting language interpreter. Security Fixes: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.CVE-2021-41819...

7.5CVSS6.8AI score0.00765EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2018/04/18 10:49 a.m.32 views

CVE-2018-3741

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

6.1CVSS3.1AI score0.00689EPSS
Exploits0References1
Prion
Prionadded 2018/03/30 7:29 p.m.24 views

Design/Logic Flaw

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. The gem allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications...

4.3CVSS5.9AI score0.00689EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder