Lucene search
K

4378 matches found

Nuclei
Nuclei
added 9 hours ago25 views

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

6.1CVSS6.6AI score0.87301EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago168 views

Camaleon CMS < 2.8.1 Arbitrary File Write to RCE

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on depending on the permissions of the underlying filesystem. E.g. This can lead to a remote...

9.9CVSS6.5AI score0.35461EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago123 views

Ruby On Rails - Local File Inclusion

Ruby On Rails is vulnerable to local file inclusion caused by secondary decoding in Sprockets 3.7.1 and lower versions. An attacker can use %252e%252e/ to access the root directory and read or execute any file on the target server. id: CVE-2018-3760 info: name: Ruby On Rails - Local File Inclusio...

7.5CVSS7AI score0.26717EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday75 views

Ruby on Rails Web Console - Remote Code Execution

Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelistedips protection mechanism via a crafted request to request.rb...

4.3CVSS6.2AI score0.44984EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday73 views

Ruby on Rails <5.0.1 - Remote Code Execution

Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. id: CVE-2020-8163 info: name: Ruby on Rails 5.0.1 - Remote Code Execution author: timkoopmans severity: high description: Ruby on Rails before version 5.0...

8.8CVSS7.4AI score0.83085EPSS
Exploits10References4
Chainguard
Chainguard
added 2026/07/03 8:22 p.m.10 views

GHSA-V62P-RQ8G-8H59 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/03 8:22 p.m.13 views

GHSA-H7CP-R72F-JXH6 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/07/03 8:22 p.m.13 views

CVE-2025-6547 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...

9.1CVSS6.4AI score0.00387EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/03 8:22 p.m.13 views

CVE-2025-6545 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, gitlab-rails-ce...

9.1CVSS6.4AI score0.00359EPSS
Exploits0
OSV
OSV
added 2026/07/03 11:5 a.m.2 views

OPENSUSE-SU-2026:21225-1 Security update for rmt-server

This update for rmt-server fixes the following issue Update to 3.0.0: - CVE-2026-42256: net-imap: hostile server can perform a DoS on client authenticating a connection with SCRAM-SHA1 or SCRAM-SHA2 bsc1265369. Changes for rmt-server: - Version 3.0.0 Security fix: Remove unused...

6.5CVSS6AI score0.00299EPSS
Exploits0References12
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.83 views

Rails File Content Disclosure

Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...

7.5CVSS7.1AI score0.98507EPSS
Exploits18References5
Snyk
Snyk
added 2026/07/01 6:57 p.m.7 views

Timing Attack

Overview pay is a package for processing payments in Ruby on Rails apps Affected versions of this package are vulnerable to Timing Attack via the validsignature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...

9.1CVSS6AI score
Exploits0References2
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.7 views

GHSA-7FH5-64P2-3V2J vulnerabilities

Vulnerabilities for packages: py3-captum, gitlab-rails-ce-fips, gitlab-rails-ce...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.9 views

CVE-2023-44270 vulnerabilities

Vulnerabilities for packages: py3-captum, gitlab-rails-ce-fips, gitlab-rails-ce...

5.3CVSS6.5AI score0.00822EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/29 8:22 p.m.7 views

GHSA-8452-54WP-RMV6 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/29 8:22 p.m.7 views

CVE-2025-68429 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips...

7.3CVSS5.8AI score0.00235EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/27 8:23 p.m.8 views

CVE-2025-8101 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips...

8.8CVSS5.8AI score0.00501EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/27 8:23 p.m.8 views

GHSA-95JQ-XPH2-CX9H vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips...

5.8AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, traefik-fips, frankenphp-8.4, commercial-expanso-edge, argocd-image-updater-fips, keda-fips, osv-scanner, kubernetes-dashboard, knative-kafka-broker, loki, argo-workflows-fips, zarf-fips, prometheus-operator, gitlab-workhorse-ce-fips, trivy-fips...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.6 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, traefik-fips, frankenphp-8.4, commercial-expanso-edge, argocd-image-updater-fips, keda-fips, osv-scanner, kubernetes-dashboard, knative-kafka-broker, loki, argo-workflows-fips, zarf-fips, prometheus-operator, gitlab-workhorse-ce-fips, trivy-fips...

6.1AI score
Exploits0
Rows per page
Query Builder