Lucene search
K

2118 matches found

Nuclei
Nuclei
added yesterday25 views

Ruby on Rails - Open Redirect via Host Header Injection

Ruby on Rails action pack before 6.1.2.1, 6.0.3.5 contains an open redirect caused by special crafted Host headers in combination with allowed host formats, letting attackers redirect users to malicious websites, exploit requires attacker to control Host headers. id: CVE-2021-22881 info: name: Ru...

6.1CVSS6.6AI score0.87301EPSS
Exploits1References2
Snyk
Snyk
added last week4 views

Timing Attack

Overview pay is a package for processing payments in Ruby on Rails apps Affected versions of this package are vulnerable to Timing Attack via the validsignature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...

9.1CVSS6AI score
Exploits0References2
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

GHSA-WJV4-X9W8-WM3H vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, logstash, kube-logging-operator, logstash-fips, ruby4.0-rails, pact-broker-docker-fips, pact-broker-docker...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

GHSA-H8W8-99G7-QMVJ vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

CVE-2026-54904 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails...

8.2CVSS5.9AI score0.00278EPSS
Exploits1
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

CVE-2026-54905 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.2-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.3-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails...

5.5CVSS5.9AI score0.00106EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.9 views

GHSA-8678-W3JW-XFC2 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, logstash, kube-logging-operator, logstash-fips, ruby4.0-rails, pact-broker-docker-fips, pact-broker-docker...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

GHSA-5V8H-3H3Q-446P vulnerabilities

Vulnerabilities for packages: ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, logstash, kube-logging-operator, logstash-fips, ruby4.0-rails, pact-broker-docker-fips, pact-broker-docker...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/21 2:16 a.m.6 views

GHSA-5PRR-V3J2-97MH vulnerabilities

Vulnerabilities for packages: kube-logging-operator, ruby3.4-rails, ruby3.2-rails, logstash, ruby3.3-rails...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/21 2:16 a.m.13 views

CVE-2026-54906 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, kube-logging-operator, ruby3.3-rails, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-rails, ruby4.0-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...

9.8CVSS5.9AI score0.0016EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/21 2:16 a.m.10 views

GHSA-WV3X-4VXV-WHPP vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, kube-logging-operator, ruby3.3-rails, ruby3.3-fluentd-kubernetes-daemonset, ruby3.4-rails, ruby4.0-fluentd-kubernetes-daemonset, ruby3.2-rails, ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/06/21 2:16 a.m.9 views

GHSA-WFPW-MMFH-QQ69 vulnerabilities

Vulnerabilities for packages: kube-logging-operator, ruby3.4-rails, ruby3.2-rails, logstash, ruby3.3-rails...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there was a potential XSS vulnerability with certain configurations of Rails::Html::Sanitizer, due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer might allow an attacke...

6.1CVSS6.6AI score0.0111EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 9:36 p.m.50 views

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Question Is the Network IPS system affected by Ruby on Rails vulnerabilities? "Product":"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System","Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Component":"General...

5.6AI score
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/06/04 12:34 a.m.102 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Tuzitio Camaleon_Cms

HTB Facts — Full Writeup Difficulty: Medium OS: Lin...

7.7CVSS5.9AI score0.1456EPSS
Exploits11
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-44837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...

7.5CVSS5.5AI score0.00412EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.12 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00412EPSS
Exploits1References1
OSV
OSV
added 2026/05/26 9:16 p.m.5 views

DEBIAN-CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00412EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/26 7:40 p.m.14 views

EUVD-2026-31971

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:40 p.m.13 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder