Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OpenVAS
OpenVASadded 2026/04/02 12:0 a.m.2 views

Ubuntu: Security Advisory (USN-8137-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.00009EPSS
Exploits0References2
OSV
OSVadded 2026/03/31 8:49 a.m.4 views

USN-8137-1 ruby2.3, ruby2.5, ruby2.7, ruby3.0, ruby3.2, ruby3.3 vulnerability

It was discovered that the Ruby URI gem did not properly handle sensitive information when combining URIs. A remote attacker could possibly use this issue to leak authentication credentials...

7.5CVSS7.3AI score0.00009EPSS
Exploits0References2
RedHat Linux
RedHat Linuxadded 2025/05/26 8:36 a.m.1 views

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References6
OSV
OSVadded 2025/03/04 12:15 a.m.1 views

AZL-57778 CVE-2025-27221 affecting package ruby for versions less than 3.1.4-9

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

5.3CVSS6.5AI score0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/03/03 12:0 a.m.5 views

CVE-2025-27221

In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...

3.2CVSS3.8AI score0.00156EPSS
Exploits0References2
CVE
CVEadded 2025/03/03 12:0 a.m.287 views

CVE-2025-27221

CVE-2025-27221 affects the Ruby URI module (URI.join, URI#merge, URI#+). The root issue is leakage of userinfo credentials when the host is changed, as userinfo is retained. This impacts versions of the URI gem prior to 1.0.3; the issue is fixed in 1.0.3 and later. If exploited, credential exposu...

5.3CVSS4.3AI score0.00156EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linuxadded 2024/04/01 1:31 a.m.1 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS7.5AI score0.00337EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2023/05/24 8:59 a.m.2 views

ruby: ReDoS vulnerability in URI

A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service ReDoS...

5.3CVSS7.3AI score0.00337EPSS
Exploits0References5
Rows per page
Query Builder