Lucene search
K

2118 matches found

Chainguard
Chainguard
added 2026/04/06 1:18 a.m.5 views

GHSA-8VQR-QJWX-82MW vulnerabilities

Vulnerabilities for packages: pact-broker-docker-fips, ruby3.2-rack, ruby3.4-rails, ruby4.0-rack, pact-broker-docker, ruby3.4-rack, gitlab-cng, gitlab-rails-ce-fips, kube-fluentd-operator, gitlab-rails-ce, logstash, ruby3.2-rails, ruby3.3-rack...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/03/30 1:53 p.m.8 views

GHSA-2J22-PR5W-6GQ8 vulnerabilities

Vulnerabilities for packages: ruby3.4-rails...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does no...

5.3CVSS6.1AI score0.00401EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.3 views

CVE-2026-33209

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...

6.1CVSS5.7AI score0.00264EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/03/25 7:23 a.m.8 views

CVE-2026-33168 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, ruby3.4-rails, ruby3.2-rails, gitlab-rails-ce...

2.3CVSS6.2AI score0.00516EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/25 7:23 a.m.7 views

CVE-2026-33173 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce-fips, ruby3.4-rails, ruby3.2-rails, gitlab-rails-ce...

5.3CVSS6.1AI score0.0039EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/25 1:48 a.m.6 views

CVE-2026-33174 vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...

8.7CVSS7.1AI score0.0061EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/25 1:48 a.m.8 views

CVE-2026-33173 vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...

5.3CVSS6.1AI score0.0039EPSS
Exploits0
Wolfi
Wolfi
added 2026/03/25 1:48 a.m.9 views

GHSA-QCFX-2MFW-W4CG vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.4-rails...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.11 views

SUSE CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS6AI score0.00401EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. NumberToDelimitedConverter uses a lookahead-based regular expression with gsub! to insert thousands delimiters. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the interaction between th...

6.9CVSS5.8AI score0.00498EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:24 a.m.6 views

SUSE CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, SafeBuffer% does not propagate the @htmlunsafe flag to the newly created buffer. If a SafeBuffer is mutated in place e.g. via gsub! and th...

6.1CVSS5.9AI score0.00327EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/24 11:13 a.m.11 views

CVE-2026-33176

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References10
OSV
OSV
added 2026/03/24 12:16 a.m.4 views

UBUNTU-CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

9.1CVSS5.7AI score0.00646EPSS
Exploits0References9
OSV
OSV
added 2026/03/24 12:16 a.m.8 views

UBUNTU-CVE-2026-33174

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the proxy controller loads the entire requested byte range into memory before sending it. A request...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:1 p.m.2 views

CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefull...

2.3CVSS5.8AI score0.00516EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/03/23 10:58 p.m.5 views

CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page,...

5.3CVSS5.5AI score0.00401EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/20 10:39 p.m.4 views

CVE-2026-33209

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...

5.3CVSS5.7AI score0.00264EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/20 10:39 p.m.6 views

CVE-2026-33209 Avo has a XSS vulnerability on `return_to` param

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.6 views

Avo 跨站脚本漏洞

Avo is an open-source Ruby on Rails management panel framework developed by Avo itself. Versions of Avo prior to 3.30.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the returnto query parameter in the Avo interface, which allowed reflective cross-site scripting...

6.1CVSS5.6AI score0.00264EPSS
Exploits0References4
Rows per page
Query Builder