3305 matches found
CVE-2026-44836
CVE-2026-44836 insight (normal mode) The vulnerability affects the Ruby on Rails component framework view_component (versions 3.0.0 through 4.8.x; fixed in 4.9.0). The preview route derives an example name from the URL and uses public_send to dispatch to that preview without verifying it is an ex...
EUVD-2026-31972
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview...
CVE-2026-44836
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview...
CVE-2026-44836 view_component: Preview Route Can Dispatch Inherited Helper Methods
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of the preview...
CVE-2026-48903
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
EUVD-2026-31891
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
CVE-2026-48903 Joomla! Framework - [20260519] - Inadequate content filtering within the checkAttribute filter code.
Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...
erb: ERB: Arbitrary code execution via deserialization bypass
A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...
Malicious code in create-arnext-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67a5229a06132707ff10eb04a5fc2a19abf029ded0d61e1c9d0814f5cb2bb667 The package declares "preinstall": "./.github/scripts/precheck" in package.json, which invokes a 976KB stripped Linux x86_64 ELF binary hidden under...
view_component security vulnerability
view_component is an open-source framework developed by ViewComponent, designed for building reusable and testable view components. There are security vulnerabilities in the view_component version 3.0.0 to 4.9.0. These vulnerabilities stem from the fact that the preview routing does not verify...
PT-2026-43321
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Inadequate content filtering within the checkAttribute methods leads to Cross-Site Scripting XSS, a condition where malicious scripts are injected into otherwise...
IBM Engineering Lifecycle Management security vulnerability
IBM Engineering Lifecycle Management is an engineering lifecycle management platform provided by the American multinational company International Business Machines IBM. Versions 7.0.3, 7.1.0, and 7.2.0 of IBM Engineering Lifecycle Management contain security vulnerabilities. These vulnerabilities...
CLSA-2026-1779694460 Fix CVE(s): CVE-2026-29518
SECURITY UPDATE: daemon-no-chroot TOCTOU symlink race - debian/patches/CVE-2026-29518.patch: track per-module chroot in amchrooted and usesecuresymlinks; route the sender's read-path open, the receiver's basis-file open, mkstemp, and inplace write through securerelativeopen / securemkstemp -...
Stabilising Explainability Fragility in Cybersecurity AI: The Impact and Mitigation of Multicollinearity in Public Benchmark Datasets
This paper investigates an unexplored yet impactful vulnerability in AI explainability used in intrusion detection IDS: multicollinearity-induced instability. Despite extensive reliance on post-hoc explainability tools such as SHAP or LIME, the impact of correlated features on explanation robustne...
Human Vulnerability Assessment in Cybersecurity: A Systematic Literature Review of Methods, Models, and Instruments
In cybersecurity, vulnerability assessment has typically focused on identifying and measuring vulnerabilities within digital assets and technical infrastructures. However, there is growing recognition that this approach alone is inadequate without a structured examination of the human factor, whi...
Pretraining Data Exposure in Large Language Models: A Survey of Membership Inference, Data Contamination, and Security Implications
Large Language Models LLMs have become the predominant paradigm in NLP, advancing both research and industry. As model sizes and pretraining data grow, concerns about Pretraining Data Exposure PDE increase due to the scale and opacity of training datasets. PDE refers to determining whether specif...
Cross-site Scripting (XSS)
Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Twig\Profiler\Dumper\HtmlDumper output rendering logic. An attacker can execute arbitrary HTML or JavaScript by controlling template...
Astra Linux - vulnerability in jquery
In jQuery, starting from version 1.12.0 and before 3.5.0, passing HTML from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...