11 matches found

Tenable Nessus
added 2026/03/28 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

CVSS 5.3, AI score 6, EPSS 0.00022
Exploits 0, References 2

OSV
added 2025/08/27 4:32 p.m., 3 views

CVE-2025-57821 Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVSS 4.2, AI score 6.7, EPSS 0.00063
Exploits 0, References 6

Prion
added 2023/01/10 9:15 p.m., 15 views

Design/Logic Flaw

Travel support program is a Rails app to support the travel support program of openSUSE TSP. Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 5, AI score 7.7, EPSS 0.00833
Exploits 1, References 3, Affected Software 1

CVE
added 2023/01/10 8:26 p.m., 42 views

CVE-2022-46163

CVE-2022-46163 affects the Travel Support Program (openSUSE), a Rails app that uses the Ransack search library. The default Ransack configuration can be abused via *_start, *_end, or *_cont matchers to perform character-by-character brute-force and exfiltrate sensitive data (e.g., bank account n...

CVSS 7.5, AI score 7.7, EPSS 0.00833
Exploits 1, References 3, Affected Software 1

Vulnrichment
added 2023/01/10 8:26 p.m., 5 views

CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection

Travel support program is a Rails app to support the travel support program of openSUSE TSP. Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5, AI score 7.9, EPSS 0.00833
Exploits 1, References 3

OSV
added 2023/01/10 8:26 p.m., 25 views

CVE-2022-46163 travel-support-program vulnerable to data exfiltration via Ransack query injection

Travel support program is a Rails app to support the travel support program of openSUSE TSP. Sensitive user data (bank account details, password hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The...

CVSS 7.5, AI score 7.5, EPSS 0.00833
Exploits 1, References 5

CNNVD
added 2023/01/02 12:00 a.m., 3 views

Sipity SQL injection vulnerability

Sipity is an open source, plugin-ready and extensible Rails application from Hesburgh Libraries of Notre Dame. It is used to model approval-based workflows. Sipity suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to perform a SQL injection attack...

CVSS 9.8, AI score 6.8, EPSS 0.00339
Exploits 0, References 5

CNNVD
added 2021/07/07 12:00 a.m., 3 views

GitLab cross-site scripting vulnerability

GitLab is a self-hosted Git repository management application developed in Ruby on Rails by the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab, which stems fr...

CVSS 5.4, AI score 5.3, EPSS 0.00135
Exploits 0, References 3

Veracode
added 2020/06/25 5:10 a.m., 40 views

Authorization Bypass

actionpack is vulnerable to authorization bypass. An attacker is able to execute any migrations that are pending for a Rails app running in production mode...

CVSS 6.5, AI score 4.5, EPSS 0.00679
Exploits 0, References 6, Affected Software 1

Snyk
added 2020/06/17 3:30 p.m., 1 view

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization. By default, an attacker is able to execute any migrations that are pending for a Rails app running in production mode. Remediation: Upgrade actionpack to version 6.0.3.2 or higher. References: GitHub Commit, Rai...

CVSS 7.3, AI score 7.1, EPSS 0.00679
Exploits 0, References 2

RubySec
added 2014/12/18 12:00 a.m., 18 views

Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier.

Cross-site request forgery (CSRF) vulnerability in doorkeeper 1.4.0 and earlier allows remote attackers to hijack the user's OAuth authorization code. This vulnerability has been assigned the CVE identifier CVE-2014-8144. Doorkeeper's endpoints didn't have CSRF protection. Any HTML document on the...

CVSS 6.8, AI score 2.3, EPSS 0.00126
Exploits 0, References 1, Affected Software 1