Lucene search
K

2118 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/03/17 12:0 a.m.6 views

ruby4.0-rubygem-rails-8.0-8.0.3-1.3 on GA media (moderate)

ruby4.0-rubygem-rails-8.0-8.0.3-1.3 on GA media Announcement ID: openSUSE-SU-2026:10360-1 Rating: moderate Cross-References: CVE-2024-54133 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

2.3CVSS6.1AI score0.01009EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

MarkUs 安全漏洞

MarkUs is an open-source Ruby on Rails and React web application used for submitting and grading student assignments. Versions of MarkUs prior to 2.9.4 contained a security vulnerability due to the lack of size or item quantity limits when extracting zip files...

6.5CVSS5.8AI score0.0026EPSS
Exploits0References3
Hacker One
Hacker One
added 2026/03/02 7:38 a.m.16 views

Ruby on Rails: ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection

A vulnerability was discovered in the ActiveStorage Disk Service component of Ruby on Rails. The vulnerability allowed an attacker to achieve arbitrary file write, read, and delete on the server's filesystem by injecting a malicious blob key. The vulnerability was due to insufficient validation o...

5.9AI score
Exploits0
OSV
OSV
added 2026/02/06 10:37 p.m.7 views

CVE-2026-25757 Unauthenticated Spree Commerce users can view completed guest orders by Order ID

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users including names, addresses and phone numbers. This...

8.7CVSS5.3AI score0.00441EPSS
Exploits1References10
GithubExploit
GithubExploit
added 2026/02/05 8:36 a.m.238 views

Exploit for Path Traversal in Tuzitio Camaleon_Cms

Exploit-for-CVE-2024-46987 Exploit for CVE-2024-46987 usage:...

7.7CVSS5.6AI score0.1456EPSS
Exploits11
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Decidim 安全漏洞

Decidim is an open-source participatory democracy framework developed using Ruby on Rails. Versions of Decidim from 0.30.0 up to 0.30.4, as well as versions from 0.31.0.rc1 up to 0.31.0, have security vulnerabilities. These vulnerabilities stem from UUID collisions in the private data export...

8.2CVSS5.8AI score0.00262EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/20 9:22 p.m.6 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.4CVSS6AI score0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/01/19 10:16 p.m.13 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

9.9CVSS0.00426EPSS
Exploits0References5
EUVD
EUVD
added 2026/01/19 9:9 p.m.10 views

EUVD-2026-3281

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.6CVSS6AI score0.00426EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/19 9:9 p.m.4 views

CVE-2026-23885 AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.4CVSS6AI score0.00426EPSS
Exploits0References5
OSV
OSV
added 2026/01/19 9:9 p.m.9 views

CVE-2026-23885 AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.4CVSS6.1AI score0.00426EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/19 9:9 p.m.21 views

CVE-2026-23885 AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

6.4CVSS0.00426EPSS
Exploits0References5
CVE
CVE
added 2026/01/19 9:9 p.m.18 views

CVE-2026-23885

CVE-2026-23885 – AlchemyCMS RCE via eval in ResourcesHelper . The vulnerability affects AlchemyCMS (Ruby on Rails) prior to 7.4.12 and 8.0.3, where the code in Alchemy::ResourcesHelper#resource_url_proxy uses Ruby’s eval() on the value of resource_handler.engine_name. This string is sourced from ...

9.9CVSS6AI score0.00426EPSS
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added 2026/01/09 4:49 p.m.233 views

Exploit for Improper Access Control in Rubyonrails Web_Console

CVE-2015-3...

4.3CVSS7.1AI score0.44984EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.6 views

CVE-2024-41961

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...

9.6CVSS7.3AI score0.00619EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:33 a.m.17 views

CVE-2024-39906

A command injection vulnerability was found in the IndieAuth functionality of the Ruby on Rails based Haven blog web application. The affected functionality requires authentication, but an attacker can craft a link that they can pass to a logged in administrator of the blog software. This leads t...

8.3CVSS8AI score0.01021EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 9:15 p.m.38 views

CVE-2026-22588

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying ...

6.5CVSS0.00371EPSS
Exploits1References5
OSV
OSV
added 2026/01/08 8:53 p.m.17 views

CVE-2026-22588 Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference IDOR vulnerability was identified that allows an authenticated user to retrieve other users’ address information by modifying ...

6.5CVSS6.1AI score0.00371EPSS
Exploits1References7
Wolfi
Wolfi
added 2025/10/15 2:46 p.m.9 views

GHSA-R657-RXJC-J557 vulnerabilities

Vulnerabilities for packages: ruby3.3-rails, kube-fluentd-operator, ruby3.3-rack, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack, logstash, ruby3.2-rails, ruby3.4-rails...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2025/10/15 2:11 p.m.29 views

CVE-2025-61780 vulnerabilities

Vulnerabilities for packages: ruby3.2-rails, ruby3.3-rails, ruby3.2-rack, ruby4.0-rack, ruby3.4-rack, gitlab-rails-ce, logstash, ruby3.3-rack, kube-fluentd-operator, ruby3.4-rails...

5.8CVSS6.1AI score0.00434EPSS
Exploits0
Rows per page
Query Builder