4378 matches found
Ruby on Rails - Open Redirect via Host Header Injection
Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...
Camaleon CMS < 2.8.1 Arbitrary File Write to RCE
An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...
Ruby On Rails - Local File Inclusion
Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...
Ruby on Rails Web Console - Remote Code Execution
Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelistedips protection mechanism via a crafted request to request.rb...
Ruby on Rails <5.0.1 - Remote Code Execution
Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. id: CVE-2020-8163 info: name: Ruby on Rails 5.0.1 - Remote Code Execution author: timkoopmans severity: high description: Ruby on Rails before version 5.0...
GHSA-V62P-RQ8G-8H59 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
GHSA-H7CP-R72F-JXH6 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2025-6547 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2025-6545 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...
OPENSUSE-SU-2026:21225-1 Security update for rmt-server
This update for rmt-server fixes the following issue Update to 3.0.0: - CVE-2026-42256: net-imap: hostile server can perform a DoS on client authenticating a connection with SCRAM-SHA1 or SCRAM-SHA2 bsc1265369. Changes for rmt-server: - Version 3.0.0 Security fix: Remove unused...
Rails File Content Disclosure
Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...
Timing Attack
Overview pay is a package for processing payments in Ruby on Rails apps Affected versions of this package are vulnerable to Timing Attack via the validsignature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...
GHSA-7FH5-64P2-3V2J vulnerabilities
Vulnerabilities for packages: py3-captum, gitlab-rails-ce-fips, gitlab-rails-ce...
CVE-2023-44270 vulnerabilities
Vulnerabilities for packages: py3-captum, gitlab-rails-ce-fips, gitlab-rails-ce...
GHSA-8452-54WP-RMV6 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips...
CVE-2025-68429 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips...
CVE-2025-8101 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips...
GHSA-95JQ-XPH2-CX9H vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, traefik-fips, frankenphp-8.4, commercial-expanso-edge, argocd-image-updater-fips, keda-fips, osv-scanner, kubernetes-dashboard, knative-kafka-broker, loki, argo-workflows-fips, zarf-fips, prometheus-operator, gitlab-workhorse-ce-fips, trivy-fips...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, traefik-fips, frankenphp-8.4, commercial-expanso-edge, argocd-image-updater-fips, keda-fips, osv-scanner, kubernetes-dashboard, knative-kafka-broker, loki, argo-workflows-fips, zarf-fips, prometheus-operator, gitlab-workhorse-ce-fips, trivy-fips...