16 matches found
OpenProject SQL Injection Vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1 have a SQL injection vulnerability. This vulnerability arises from custom field names not being properly sanitized in SQL queries, which can allow SQL injection...
EUVD-2021-1469
Malware in sbrugna...
EUVD-2022-4435
Malicious code in bioql PyPI...
CVE-2021-32096
The ConsoleAction component of U.S. National Security Agency NSA Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code for an eval call via the CONSOLECOMMANDSTRING parameter...
CVE-2021-35514
Narou aka Narou.rb before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel...
SUSE CVE-2019-16255
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
GHSA-GWRJ-88FP-5M36 Code injection in Narou
Narou aka Narou.rb before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel...
CVE-2021-35514
Narou (aka Narou.rb) up to version 3.8.0 is vulnerable to Ruby code injection via the title or author name fields of a novel. The underlying issue is untrusted code execution through these inputs, enabling code execution on the affected system. Affected software: Narou.rb (Ruby-based Narou). Root...
ClusterLabs Hawk Code Injection Vulnerability
ClusterLabs Crmsh is command-line software for GNU/Linux systems for high-availability cluster management from the ClusterLabs team. A code injection vulnerability exists in ClusterLabs Hawk 2.x through 2.3.0-x, which stems from a Ruby code injection in hawkremembermeid in the...
EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2020-1717)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Oniguruma 6.x before 6.9.4rc2. In the function fetchintervalquantifier formerly known as...
DEBIAN-CVE-2019-16255
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...
interface: Ruby code injection
The Red Hat CloudForms Management Engine 5.1 allows remote administrators to execute arbitrary Ruby code via unspecified vectors...