40 matches found

Tenable Nessus
added 2026/01/13 12:0 a.m. | 3 views

MiracleLinux 7 : ruby-2.0.0.648-39.0.3.el7.AXS7 (AXSA:2025-10921:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10921:03 advisory. CVE-2017-9226: fix a heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. CVE-2016-2338: fix heap overflo...

9.8 CVSS | 7.6 AI score | 0.13462 EPSS
Exploits 6 | References 4

Tenable Nessus
added 2025/09/04 12:0 a.m. | 2 views

Amazon Linux 2 : ruby, --advisory ALAS2-2025-2990 (ALAS-2025-2990)

The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2990 advisory. An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter...

9.8 CVSS | 8.6 AI score | 0.13462 EPSS
Exploits 3 | References 4

Amazon
added 2025/09/04 12:0 a.m. | 1 views

Medium: ruby

Issue Overview: An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can...

9.8 CVSS | 7.5 AI score | 0.13462 EPSS
Exploits 3

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-8975 Malicious code in @malware-test-sudor-foins-brill-psych/test-mlw3-sudor-foins-brill-psych (npm)

The package @malware-test-sudor-foins-brill-psych/test-mlw3-sudor-foins-brill-psych was found to contain malicious code...

7.2 AI score
Exploits 0

Openbugbounty
added 2023/12/04 5:19 p.m. | 5 views

kcpsych.com Improper Access Control vulnerability OBB-3802559

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits 0

Openbugbounty
added 2023/03/16 7:4 p.m. | 9 views

plymouthpsychgroup.com Cross Site Scripting vulnerability OBB-3224272

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0

SUSE CVE
added 2023/02/15 5:6 a.m. | 1 views

SUSE CVE-2016-2338

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

9.8 CVSS | 7.5 AI score | 0.13462 EPSS
Exploits 3 | References 3

Veracode
added 2022/10/18 1:20 p.m. | 26 views

Heap Buffer Overflow

Psych is vulnerable to heap buffer overflow. The vulnerability is due to the start_document function in psych_emitter.c buffer head allocation based on the tags array length. This flaw allows an attacker to pass a specially constructed element of tags array object that can increase this array size...

9.8 CVSS | 2.9 AI score | 0.13462 EPSS
Exploits 3 | References 6 | Affected Software 1

RedhatCVE
added 2022/10/13 2:59 p.m. | 20 views

CVE-2016-2338

An exploitable heap overflow vulnerability was found in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on the tags array length. A specially constructed object passed as elements of tags array can increase th...

9.8 CVSS | 1.8 AI score | 0.13462 EPSS
Exploits 3 | References 4

Snyk
added 2022/09/29 1:47 p.m. | 1 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the start_document function in psych_emitter.c. Passing in a malicious tags array can trigger a crash. PoC: ruby require 'Psych' $tags = puts "+ Start" f = File.new"newfile", "w+" emitter = Psych::Emitter.new...

9.8 CVSS | 7 AI score | 0.13462 EPSS
Exploits 3 | References 2

OSV
added 2022/09/29 3:15 a.m. | 16 views

CVE-2016-2338

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

9.8 CVSS | 7.1 AI score
Exploits 0 | References 3

NVD
added 2022/09/29 3:15 a.m. | 26 views

CVE-2016-2338

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

9.8 CVSS | 0.13462 EPSS
Exploits 3 | References 3

UbuntuCve
added 2022/09/29 3:15 a.m. | 26 views

CVE-2016-2338

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

9.8 CVSS | 7.5 AI score | 0.13462 EPSS
Exploits 3 | References 2

OSV
added 2022/09/29 3:15 a.m. | 0 views

UBUNTU-CVE-2016-2338

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

9.8 CVSS | 7.6 AI score | 0.13462 EPSS
Exploits 3 | References 3

Prion
added 2022/09/29 3:15 a.m. | 12 views

Heap overflow

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

7.5 CVSS | 7.4 AI score | 0.13462 EPSS
Exploits 3 | References 3 | Affected Software 2

RubySec
added 2022/09/28 12:0 a.m. | 3 views

Exploitable heap overflow vulnerability exists in Ruby's Psych::Emitter start_document function

An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array...

9.8 CVSS | 7.4 AI score | 0.13462 EPSS
Exploits 3 | References 1 | Affected Software 1

RubySec
added 2022/02/24 12:0 a.m. | 34 views

CVE-2022-25857 jruby/psych/snakeyaml: Denial of Service (DoS) due missing to nested depth limitation for collections

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. This package is bundled into Psych which is in turn bundled into jruby...

7.5 CVSS | 7.6 AI score | 0.0292 EPSS
Exploits 2 | References 1 | Affected Software 1

Hacker One
added 2022/02/21 10:5 p.m. | 2 views

Ruby: ReDoS in Psych

The Psych library in Ruby was found to have a ReDoS (Regular Expression Denial of Service) vulnerability in the parsing of time strings. The vulnerability was identified in the regular expression used to extract date and time information from the input string. The regular expression was susceptible...

6.7 AI score
Exploits 0

Openbugbounty
added 2022/01/24 9:48 a.m. | 9 views

psych-research.com Cross Site Scripting vulnerability OBB-2344636

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

Openbugbounty
added 2021/12/19 3:43 p.m. | 12 views

psych-research.com Cross Site Scripting vulnerability OBB-2307666

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0