14141 matches found
MAL-2025-9271 Malicious code in @ruby-team/sst-ui-commons (npm)
The package @ruby-team/sst-ui-commons was found to contain malicious code...
Malicious code in ping-api-ruby (npm)
The package ping-api-ruby was found to contain malicious code...
MAL-2025-32532 Malicious code in ruby-limiter (npm)
The package ruby-limiter was found to contain malicious code...
Malicious code in kafka-client-ruby (npm)
The package kafka-client-ruby was found to contain malicious code...
Malicious code in ruby-limiter (npm)
The package ruby-limiter was found to contain malicious code...
MAL-2025-29262 Malicious code in ping-api-ruby (npm)
The package ping-api-ruby was found to contain malicious code...
MAL-2025-34365 Malicious code in tableau_ruby (npm)
The package tableau_ruby was found to contain malicious code...
Malicious code in quota_tracker_ruby (npm)
The package quota_tracker_ruby was found to contain malicious code...
MAL-2025-32531 Malicious code in ruby-kafka-oauth-client (npm)
The package ruby-kafka-oauth-client was found to contain malicious code...
MAL-2025-24158 Malicious code in kafka-client-ruby (npm)
The package kafka-client-ruby was found to contain malicious code...
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1941)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
Spree has Remote Command Execution vulnerability in search functionality
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10019
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10019
Spreecommerce before 0.60.2 is vulnerable to remote command execution via the search[send][] input, which is dynamically invoked using Ruby’s send method and not properly sanitized. This allows an unauthenticated attacker to execute arbitrary shell commands on the server. Affected component: sear...
CVE-2011-10019 Spreecommerce < 0.60.2 Search Parameter RCE
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
Denial Of Service (DoS)
ruby-saml is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper order of validation checks due to the SAML response being validated for Base64 format before checking the configured message size, allowing potential resource exhaustion...
EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1967)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
Exploit for CVE-2025-54887
PoC CVE-2025-54887 This repository contains Proof-of-Concept...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2025-1941)
The remote host is missing an update for the Huawei EulerOS...