17 matches found
CVE-2026-55830
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...
CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image
OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...
Vite: `server.fs.deny` bypassed with queries
Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...
PT-2025-27411 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's Redshift Data Source JDBC Connection Parameters. The sslfactory and...
CVE-2021-46442
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)
This update for rubygem-actionpack-51 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...
OPENSUSE-SU-2020:1575-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. This update was imported fr...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1575-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description:...
OPENSUSE-SU-2020:1536-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1533-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:1533-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1533-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This updat...
SUSE-SU-2020:2710-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177...
Debian DLA-2251-1 : rails security update
Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8164 Strong parameters bypass vector in ActionPack. In some cases us...
Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of each, or eachvalue, or eachpair will return the...
GHSA-HM48-76WH-Q86V High severity vulnerability that affects activerecord
Withdrawn, accidental duplicate publish. activerecord/lib/activerecord/relation/querymethods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes...