CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2011-5230

Malware in sbrugna...

9.8CVSS9.2AI score0.05028EPSS

Exploits1References2

Snyk•added 2025/08/20 6:30 p.m.•1 views

Arbitrary Code Injection

Overview rdsearchlogic is a Searchlogic makes using ActiveRecord named scopes easier and less repetitive. Affected versions of this package are vulnerable to Arbitrary Code Injection via the searchinstanceeval parameter, which is dynamically invoked using the send method. An attacker can execute...

9.8CVSS7.8AI score0.68643EPSS

Exploits1References3

Github Security Blog•added 2025/08/20 6:30 p.m.•6 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

9.8CVSS7.9AI score0.68643EPSS

Exploits1References11Affected Software2

NVD•added 2025/08/20 4:15 p.m.•7 views

CVE-2011-10026

9.8CVSS0.68643EPSS

Exploits1References5

CVE•added 2025/08/20 3:41 p.m.•15 views

CVE-2011-10026

The CVE-2011-10026 issue affects Spreecommerce versions prior to 0.50.x, where the API search endpoint is vulnerable to remote command execution. The root cause is improper input sanitation that allows injection of arbitrary shell commands via the search[instance_eval] parameter, which is dynamic...

9.8CVSS7.4AI score0.68643EPSS

Exploits1References5Affected Software1

RubySec•added 2025/08/20 12:0 a.m.•3 views

Spree Commerce is vulnerable to RCE through Search API

9.8CVSS7.5AI score0.68643EPSS

Exploits1References1Affected Software1

RedhatCVE•added 2025/05/22 4:51 a.m.•5 views

CVE-2011-5331

Distributed Ruby aka DRuby 1.8 mishandles instanceeval...

9.8CVSS7AI score0.05028EPSS

Exploits1References1

NVD•added 2019/11/18 6:15 p.m.•9 views

CVE-2011-5331

Distributed Ruby aka DRuby 1.8 mishandles instanceeval...

9.8CVSS9.5AI score0.05028EPSS

Exploits1References1

Prion•added 2019/11/18 6:15 p.m.•9 views

Design/Logic Flaw

Distributed Ruby aka DRuby 1.8 mishandles instanceeval...

7.5CVSS7.1AI score0.05028EPSS

Exploits1References1Affected Software1

Cvelist•added 2019/11/18 5:8 p.m.•15 views

CVE-2011-5331

Distributed Ruby aka DRuby 1.8 mishandles instanceeval...

9.6AI score0.05028EPSS

Exploits1References1

CVE•added 2019/11/18 5:8 p.m.•60 views

CVE-2011-5331

CVE-2011-5331 affects Distributed Ruby (DRuby) 1.8, described as a mishandling of instance_eval. The connected documents corroborate this description but do not provide concrete affected versions beyond DRuby 1.8, nor any explicit patch/version for remediation. Exploitation status is not detailed...

9.8CVSS9.3AI score0.05028EPSS

Exploits1References1Affected Software1

RedHat Linux•added 2018/09/26 6:36 p.m.•4 views

cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root

CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby DRb module installed on the system to execute arbitrary shell commands using instanceeval...

7.8CVSS6.1AI score0.00108EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by