Lucene search
K

17 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-55830

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Prior to 8.3, checkfunctionargumentnames rejected protected guard hook names for regular, variadic, and keyword-only arguments but omitted...

8.3CVSS5.9AI score
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.35 views

CVE-2026-43532 OpenClaw 2026.4.7 < 2026.4.10 - Sandbox Media Normalization Bypass via Discord Event Cover Image

OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media...

7.7CVSS0.00259EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/06 6:3 p.m.208 views

Vite: `server.fs.deny` bypassed with queries

Summary The contents of files that are specified by server.fs.deny can be returned to the browser. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file exists in th...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.3 views

PT-2025-27411 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.11 Description: DataEase is an open source business intelligence and data visualization tool. There is a bypass vulnerability in DataEase's Redshift Data Source JDBC Connection Parameters. The sslfactory and...

9.8CVSS6.3AI score0.00522EPSS
Exploits1References11
Cvelist
Cvelist
added 2022/04/27 10:10 a.m.27 views

CVE-2021-46442

In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization...

10AI score0.54566EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/10/05 12:0 a.m.31 views

openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)

This update for rubygem-actionpack-51 fixes the following issues : - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security...

7.5CVSS7.2AI score0.04198EPSS
Exploits1References2
OSV
OSV
added 2020/09/29 8:24 a.m.5 views

OPENSUSE-SU-2020:1575-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project. This update was imported fr...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/29 12:0 a.m.49 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1575-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description:...

7.5CVSS6.9AI score0.04198EPSS
Exploits1References1
OSV
OSV
added 2020/09/26 4:20 a.m.6 views

OPENSUSE-SU-2020:1536-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/26 12:0 a.m.54 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...

7.5CVSS6.8AI score0.04198EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2020/09/26 12:0 a.m.26 views

openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1533-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS8AI score0.04198EPSS
Exploits1References2
OSV
OSV
added 2020/09/25 6:21 p.m.6 views

OPENSUSE-SU-2020:1533-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177 This update was imported from the SUSE:SLE-15:Update update project...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/25 12:0 a.m.56 views

Security update for rubygem-actionpack-5_1 (important)

openSUSE Security Update: Security update for rubygem-actionpack-51 Announcement ID: openSUSE-SU-2020:1533-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This updat...

7.5CVSS6.8AI score0.04198EPSS
Exploits1References1
OSV
OSV
added 2020/09/22 3:6 p.m.6 views

SUSE-SU-2020:2710-1 Security update for rubygem-actionpack-5_1

This update for rubygem-actionpack-51 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. bsc1172177...

7.5CVSS7.7AI score0.04198EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/06/22 12:0 a.m.43 views

Debian DLA-2251-1 : rails security update

Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8164 Strong parameters bypass vector in ActionPack. In some cases us...

9.8CVSS7.7AI score0.45732EPSS
Exploits6References4
Github Security Blog
Github Security Blog
added 2020/05/26 3:9 p.m.68 views

Possible Strong Parameters Bypass in ActionPack

There is a strong parameters bypass vector in ActionPack. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of each, or eachvalue, or eachpair will return the...

7.5CVSS7.5AI score0.04198EPSS
Exploits1References12Affected Software1
OSV
OSV
added 2018/08/21 7:3 p.m.4 views

GHSA-HM48-76WH-Q86V High severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish. activerecord/lib/activerecord/relation/querymethods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes...

7.5CVSS6.4AI score0.02797EPSS
Exploits0References2
Rows per page
Query Builder