Lucene search
K

7 matches found

CVE
CVE
added 2026/01/27 10:4 p.m.16 views

CVE-2026-24783

The CVE-2026-24783 issue in soroban-fixed-point-math causes incorrect rounding in mulDiv when both the intermediate product and the divisor are negative, affecting signed FixedPoint implementations (i64, i128, I256) in versions 1.3.0 and 1.4.0. A patch exists in v1.3.1 and v1.4.1; every version &...

7.5CVSS5.9AI score0.00372EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/25 2:54 p.m.5 views

CVE-2025-48868

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS8.8AI score0.02327EPSS
Exploits3References1
NVD
NVD
added 2025/09/24 2:15 p.m.7 views

CVE-2025-48868

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS0.02327EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2025/09/24 1:51 p.m.2 views

CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive

Horilla is a free and open source Human Resource Management System HRMS. An authenticated Remote Code Execution RCE vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python’s eval function on a user-controlled query parameter in the projectbulkarchive view. This allows privileged use...

7.2CVSS8.5AI score0.02327EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2025/08/31 9:32 p.m.4 views

CVE-2025-58067

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

4.2CVSS6.5AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 2025/08/29 9:5 p.m.15 views

CVE-2025-58067

CVE-2025-58067 affects Basecamp’s google_sign_in gem for Rails before 1.3.1. The issue allows a redirect to another origin when the session key proceed_to is a protocol-relative URL, potentially set by a malicious site via form submission and then used in an OAuth2 request. The vulnerability reli...

4.2CVSS6.1AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/29 9:5 p.m.9 views

CVE-2025-58067 Basecamp's Google Sign-In for Rails allowed redirects to protocol-relative URI

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceedto" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library ...

4.2CVSS0.00211EPSS
Exploits0References4
Rows per page
Query Builder