CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

OSV•added 2026/05/26 9:16 p.m.•3 views

DEBIAN-CVE-2026-44836

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS5.9AI score0.00013EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 7:43 p.m.•4 views

CVE-2026-44836

6.5CVSS5.9AI score0.00013EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/26 7:43 p.m.•9 views

CVE-2026-44836

CVE-2026-44836 insight (normal mode) The vulnerability affects the Ruby on Rails component framework view_component (versions 3.0.0 through 4.8.x; fixed in 4.9.0). The preview route derives an example name from the URL and uses public_send to dispatch to that preview without verifying it is an ex...

6.5CVSS5.9AI score0.00013EPSS

Exploits0References1

EUVD•added 2026/05/26 7:43 p.m.•9 views

EUVD-2026-31972

6.5CVSS5.9AI score0.00013EPSS

Exploits0References1

Debian CVE•added 2026/05/26 7:43 p.m.•6 views

CVE-2026-44836

6.5CVSS5.9AI score0.00013EPSS

Exploits0

Vulnrichment•added 2026/05/26 7:43 p.m.•6 views

CVE-2026-44836 view_component: Preview Route Can Dispatch Inherited Helper Methods

6.5CVSS5.9AI score0.00013EPSS

Exploits0References1

Cvelist•added 2026/05/26 7:43 p.m.•29 views

CVE-2026-44836 view_component: Preview Route Can Dispatch Inherited Helper Methods

6.5CVSS0.00013EPSS

Exploits0References1

OSV•added 2026/05/08 11:33 p.m.•0 views

GHSA-7F3R-GWC9-2995 view_component: Preview Route Can Dispatch Inherited Helper Methods

Summary The preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are...

6.5CVSS5.9AI score0.00013EPSS

Exploits0References4

Github Security Blog•added 2026/05/08 11:33 p.m.•6 views

view_component: Preview Route Can Dispatch Inherited Helper Methods

6.5CVSS5.9AI score0.00013EPSS

Exploits0References4Affected Software1

RubySec•added 2026/05/08 12:0 a.m.•6 views

view_component - Preview Route Can Dispatch Inherited Helper Methods'

The preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview examples explicitly defined by the preview class. As a result, inherited public methods on ViewComponent::Preview are route-reachable. The...

6.5CVSS5.9AI score0.00013EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/05/08 12:0 a.m.•10 views

PT-2026-39302

Name of the Vulnerable Software and Affected Versions view component versions 3.0.0 through 4.8.x Description The preview route derives an example name from the URL and invokes it using public send without verifying if the requested method is an explicitly defined preview example. This allows...

6.5CVSS5.8AI score0.00013EPSS

Exploits0References5

RedhatCVE•added 2024/12/12 8:48 a.m.•13 views

CVE-2024-55601

A flaw was found in the Hugo static site generator. Some HTML attributes in Markdown in the internal templates do not escape in internal render hooks. Hugo users who do not trust their Markdown content files and are using one or more of these templates are impacted; default/markup/render-link.htm...

5.4CVSS6.3AI score0.0038EPSS

Exploits0References7

SUSE CVE•added 2024/12/11 3:48 a.m.•1 views

SUSE CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...

5.3CVSS6.6AI score0.0038EPSS

Exploits0References4

OSV•added 2024/12/10 9:29 p.m.•13 views

GO-2024-3314 Hugo does not escape some attributes in internal templates in github.com/gohugoio/hugo

Hugo does not escape some attributes in internal templates in github.com/gohugoio/hugo...

5.3CVSS5.3AI score0.0038EPSS

Exploits0References4

OSV•added 2024/12/09 10:15 p.m.•2 views

DEBIAN-CVE-2024-55601

5.3CVSS5.8AI score0.0038EPSS

Exploits0References1

OSV•added 2024/12/09 10:15 p.m.•2 views

UBUNTU-CVE-2024-55601

5.3CVSS7.1AI score0.0038EPSS

Exploits0References6

Vulnrichment•added 2024/12/09 9:11 p.m.•9 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

5.3CVSS6.7AI score0.0038EPSS

Exploits0References4

Cvelist•added 2024/12/09 9:11 p.m.•14 views

CVE-2024-55601 Hugo does not escape some attributes in internal templates

5.3CVSS0.0038EPSS

Exploits0References4

Github Security Blog•added 2024/12/09 8:44 p.m.•14 views

Hugo does not escape some attributes in internal templates

Impact Some HTML attributes in Markdown in the internal templates listed below not escaped. Impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates. default/markup/render-link.html from v0.123.0 default/markup/render-image.html from...

5.3CVSS6.7AI score0.0038EPSS

Exploits0References6Affected Software1

OSV•added 2024/04/23 9:15 p.m.•1 views

DEBIAN-CVE-2024-32875

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in internal render hooks. Hugo users who are impacted are those who have these hooks enabled and do not trust their Markdown content files. The...

6.1CVSS6.2AI score0.00211EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by