Lucene search
K

10 matches found

OSV
OSV
added 2026/05/22 8:16 p.m.10 views

UBUNTU-CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 7:10 p.m.14 views

CVE-2026-40295 Devise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS0.00241EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 7:10 p.m.12 views

CVE-2026-40295 Devise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/22 7:10 p.m.8 views

EUVD-2026-31488

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 7:10 p.m.7 views

CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/05/22 7:10 p.m.7 views

CVE-2026-40295

Devise is an authentication solution for Rails based on Warden. In versions 5.0.3 and below, when the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET...

6.1CVSS5.8AI score0.00241EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39182

Name of the Vulnerable Software and Affected Versions Devise versions 5.0.3 and earlier Description When the Timeoutable module is enabled, the FailureAppredirect url method returns the request.referrer the HTTP Referer header without validation for any non-GET request that results in a session...

6.1CVSS5.9AI score0.00241EPSS
Exploits0References6
RubySec
RubySec
added 2026/05/08 12:0 a.m.12 views

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Summary When the Timeoutable module is enabled in Devise, the FailureAppredirecturl method returns request.referrer — the HTTP Referer header, which is attacker-controllable — without validation for any non-GET request that results in a session timeout. An attacker who hosts a page with an...

6.1CVSS6AI score0.00241EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.3 views

SUSE CVE-2012-6540

The doipvsgetctl function in net/netfilter/ipvs/ipvsctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IPVSSOGETTIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

1.9CVSS5.9AI score0.00359EPSS
Exploits0References6
OSV
OSV
added 2013/03/15 8:55 p.m.3 views

DEBIAN-CVE-2012-6540

The doipvsgetctl function in net/netfilter/ipvs/ipvsctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IPVSSOGETTIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application...

1.9CVSS5.9AI score0.00359EPSS
Exploits0References1
Rows per page
Query Builder