171 matches found
CVE-2026-54905 vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, kube-fluentd-operator, ruby3.2-rails, ruby3.3-rails, ruby4.0-rails...
Astra Linux – Vulnerability in JRuby
Before Ruby 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an HTTP Response Splitting attack was possible. An attacker could inject a crafted key and value into an HTTP response for the WEBrick HTTP server...
Astra Linux - Vulnerability in ruby2.5, jruby
An issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a specified IP address and port. This potentially allows curl to extract information about services that would...
Astra Linux – Vulnerability in Ruby 2.5
An issue was discovered in RDoc versions 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resulting remote code execution are possible because there are no restrictions on the classes that c...
Astra Linux - Vulnerability in ruby2.5
A buffer-overread issue was discovered in StringIO 3.0.1, which is available in Ruby 3.0.x through 3.0.6, and in Ruby 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is...
Unity Linux 20.1060e / 20.1070e Security Update: ruby (UTSA-2026-017613)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017613 advisory. The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can ...
Astra Linux – Vulnerability in Ruby2.5, JRuby
An issue was discovered in Ruby between versions 2.6.7, 2.7.x up to 2.7.3, and 3.x up to 3.0.1. The Net::IMAP library does not raise an exception when the StartTLS command fails with an unknown response. This may allow man-in-the-middle attackers to bypass TLS protections by leveraging the network...
Astra Linux – Vulnerability in Ruby 2.5
There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like Kernel#Float and String#to_f...
Astra Linux – Vulnerability in Ruby 2.5
In RDoc 3.11 through 6.x, as distributed with Ruby up to 3.0.1, it was possible to execute arbitrary code using | and tags within a filename...
GHSA-33QG-7WPP-89CQ vulnerabilities
Vulnerabilities for packages: ruby3.4-rails, pact-broker-docker, ruby3.2-rails, ruby3.3-rails, logstash, pact-broker-docker-fips, ruby4.0-rails...
Addressable has a Regular Expression Denial of Service in Addressable templates
Impact Within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking: 1. Templates using the explode modifier with any expansion operator e.g., foo, +var, var, /var, .var, ;var, ?var, &var generate patterns...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2026-1215)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...
Astra Linux – Vulnerability in Rubygems, Ruby 3.1
A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby, up to 3.2.1. The URI parser improperly handles invalid URLs that contain specific characters. This leads to an increase in the execution time required to parse strings into URI objects. The fixed versions are 0.12.1, 0.11.1...
Ubuntu: Security Advisory (USN-7840-1)
The remote host is missing an update for the...
EUVD-2017-0211
Malware in sbrugna...
EUVD-2011-3583
Malware in sbrugna...
EUVD-2009-1899
Malware in sbrugna...
EUVD-2013-4004
Malware in sbrugna...
EUVD-2017-1371
Malware in sbrugna...
EUVD-2008-1891
Malware in sbrugna...