17 matches found
EUVD-2020-0579
Malware in sbrugna...
EUVD-2024-3433
Malicious code in bioql PyPI...
EUVD-2023-0421
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability: CVE-2024-26143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using...
SUSE CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization. Note: Exploiting this vulnerability is only possible when the following are true: (1) HTML5 sanitization is enabled; (2) the application developer has overridden the sanitizer'...
PT-2024-35997
Name of the Vulnerable Software and Affected Versions: rails-html-sanitizer version 1.6.0. Description: The issue is related to a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer when used with Rails >= 7.1.0 and Nokogiri < 1.16.8...
OESA-2024-1364 rubygem-activestorage security update
Attach cloud and local files in Rails applications. Security Fixes: Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cooki...
UBUNTU-CVE-2024-26142
Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...
CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...
Potential XSS vulnerability in Action View
There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. Impact: When an HTML-unsafe string is passed as the default...
PT-2020-20009 · Ruby On Rails +3 · Rails +3
Name of the Vulnerable Software and Affected Versions: Rails versions prior to 6.0.3.2. Description: A denial of service issue exists that allows an untrusted user to run any pending migrations on a Rails app running in production. This issue enables an attacker to execute migrations that are...
UBUNTU-CVE-2020-8167
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains...
Raritan PowerIQ 4.1 / 4.2 / 4.3 Code Execution
Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web interface with a hardcoded session secret of 8e238c9702412d475a4c44b7726a0537. This can be used to achieve unauthenticated remote code execution as the nginx user on vulnerable systems. msf exploit(rails_secret_deserialization) > show...
UBUNTU-CVE-2013-4389
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...
rubygem-activerecord: SQL injection when processing nested query parameters
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
PT-2011-2351 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 3.0.x through 3.0.3. Description: The issue allows remote attackers to conduct SQL injection attacks via a non-numeric argument to the limit function, as it does not ensure that arguments specify integer values...