518 matches found
Astra Linux - vulnerability in puma
Puma is a Ruby/Rack web server designed for parallelism. Prior to versions 6.3.1 and 5.6.7, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers, which could allow HTTP request smuggling. The severity of this issue depends heavily ...
Astra Linux - vulnerability in puma
Puma is a Ruby/Rack web server designed for parallelism. Prior to version 5.6.2 of Puma, Puma might not always call close on the response body. Before version 7.0.2.2 of Rails, Rails relied on the response body being closed in order for its CurrentAttributes implementation to work correctly. The...
Astra Linux - vulnerability in puma
Puma is a Ruby/Rack web server designed for parallelism. In affected versions, clients could manipulate values set by intermediate proxies such as X-Forwarded-For by providing a version of the header with an underscore. Any users who rely on proxy-defined headers are affected. Versions...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017658)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017658 advisory. Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017512)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017512 advisory. In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017528)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017528 advisory. In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If th...
Astra Linux - vulnerability in puma
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...
Astra Linux - vulnerability in puma
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...
Astra Linux - vulnerability in puma
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
Astra Linux - vulnerability in puma
Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a...
ruby4.0-rubygem-puma-6.4.3-1.5 on GA media (moderate)
ruby4.0-rubygem-puma-6.4.3-1.5 on GA media Announcement ID: openSUSE-SU-2026:10357-1 Rating: moderate Cross-References: CVE-2019-16770 CVE-2020-11076 CVE-2022-23634 CVE-2024-45614 CVSS scores: CVE-2019-16770 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-11076 SUSE : 6.8...
OPENSUSE-SU-2026:10357-1 ruby4.0-rubygem-puma-6.4.3-1.5 on GA media
These are all security issues fixed in the ruby4.0-rubygem-puma-6.4.3-1.5 package on the GA media of openSUSE Tumbleweed...
CVE-2025-63221
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
Axel PUMA security vulnerability
Axel PUMA is an FM re-broadcast receiver and IP encoder device from Axel Italy. A security vulnerability exists in Axel PUMA versions 0.8.5 through 1.0.3, which stems from a lack of authentication in the /cgi-bin/gstFcgi.fcgi endpoint, and could lead to a complete compromise of the device...
PT-2025-47469
The Axel Technology puma devices firmware versions 0.8.5 to 1.0.3 are vulnerable to Broken Access Control due to missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. Unauthenticated remote attackers can list user accounts, create new administrative users, delete users, and modify system...
CVE-2025-63221
CVE-2025-63221 (Axel Technology puma devices) affects firmware versions 0.8.5–1.0.3. The vulnerability is due to broken access control from missing authentication on the /cgi-bin/gstFcgi.fcgi endpoint. An unauthenticated remote attacker can enumerate user accounts, create new administrative users...