166 matches found
CVE-2026-57436
Summary: The CVE affects Nokogiri (Ruby) prior to 1.19.4, where Nokogiri::XML::Document#root= could accept a DTD node as the document root, causing a heap use-after-free during garbage collection/finalization and potentially an invalid memory read or segfault. Root cause: setting a non-root node ...
CVE-2026-57234
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...
UBUNTU-CVE-2026-54905
concurrent-ruby provides modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used...
Ruby net-imap < 0.5.15 / 0.6.x < 0.6.4.1 Multiple Vulnerabilities
The version of the net-imap Ruby library installed on the remote host is prior to 0.5.15, or 0.6.x prior to 0.6.4.1. It is, therefore, affected by multiple vulnerabilities. - Several Net::IMAP commands accept a raw data argument that is sent verbatim after validation to prevent command injection...
Open Redirect
oauth is a Ruby gem that implements both OAuth clients and servers in Ruby applications. Affected versions of this package are vulnerable to Open Redirect via the token_request function in the token endpoint redirect handling. An attacker can obtain sensitive OAuth request metadata, such ...
CVE-2026-42258
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...
CVE-2026-42245
A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol (IMAP) client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...
CVE-2026-44312
cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...
DEBIAN-CVE-2026-42245
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...
DEBIAN-CVE-2026-42258
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...
CVE-2026-42258
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...
UBUNTU-CVE-2026-42245
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...
UBUNTU-CVE-2026-42258
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...
UBUNTU-CVE-2026-42246
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...
UBUNTU-CVE-2026-42257
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled...
CLSA-2026-1777444043 ruby: Fix of 2 CVEs
CVE-2021-28965: fix REXML XML round-trip vulnerability - CVE-2022-28739: fix buffer over-read in String-to-Float conversion...
CVE-2026-40069
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are...
CVE-2026-40069 bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts
BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection only recognises REJECTED and DOUBLE_SPEND_ATTEMPTED. ARC responses with txStatus values of INVALID, MALFORMED, MINED_IN_STALE_BLOCK, or any ORPHAN-containing extraInfo / txStatus are...
CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...
CVE-2026-35611
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking...