14142 matches found
Malicious code in message_gateway (RubyGems)
Source: ossf-package-analysis 2781d258b292d5959839a52e0e940040defaae1ecbb1293c0d149dc5f6faf110. The OpenSSF Package Analysis project identified 'message_gateway' @ 0.0.1 (rubygems) as malicious. It is considered malicious because: - The packag...
osx-security-awesome
A repository that collects and categorizes OSX and iOS security resources. No primary CVE ID is present in the provided context, and no target product, service or framework is explicitly stated; the entry is a resource list rather than an exploit or tool. The...
Exploit for OS Command Injection in Gnu Bash
This is an extension for Burp Suite, a web application security testing tool. The extension, named "ActiveScan++", extends Burp's active and passive scanning capabilities to identify application behavior that may be of interest to advanced testers. It includes checks for potential host header...
Exploit for CVE-2010-1485
PoC exploit for CVE-2010-1485: an exploit module/toolkit targeting an XXE vulnerability. The target product/service or framework is unspecified, but the tool is designed to automate exploitation of XXE vulnerabilities in various applications. The vulnerability class/vector is XXE (XML eXternal Entity). T...
NewStart CGSL MAIN 7.02 : ruby Multiple Vulnerabilities (NS-SA-2025-0116)
The remote NewStart CGSL host, running version MAIN 7.02, has ruby packages installed that are affected by multiple vulnerabilities: - A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increa...
CLSA-2025-1753375058 ruby: Fix of CVE-2024-27281
CVE-2024-27281: fix object injection and remote code execution in .rdoc_options and documentation cache loading...
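The advisory above describes object injection when a YAML options file is loaded. The following is an added example (not RDoc's own code and not the actual patch) that shows the underlying Ruby pattern: a full YAML load honours `!ruby/object:` tags and instantiates whatever class a file names, while `YAML.safe_load` with an explicit allow-list rejects them. The `Probe` class and the `.rdoc_options`-style document are constructed for the illustration.

```ruby
require "yaml"

# Hypothetical class standing in for any class an attacker might target via a
# !ruby/object tag; it is not part of RDoc. The marker shows that the loader
# actually built an instance from the document.
class Probe
  attr_accessor :marker
end

# Constructed sample in the style of a .rdoc_options file: a legitimate key
# followed by an attacker-supplied tag asking the loader to instantiate Probe.
MALICIOUS_OPTIONS = <<~YAML
  title: My Docs
  probe: !ruby/object:Probe
    marker: instantiated
YAML

# Vulnerable pattern: an unrestricted YAML load. Older Psych releases did this
# with YAML.load; Psych 4 moved it to YAML.unsafe_load.
def load_options_unsafe(text)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(text) : YAML.load(text)
end

# Hardened pattern: safe_load only builds scalars, arrays and hashes plus the
# classes listed in permitted_classes, and raises Psych::DisallowedClass for
# anything else, so the document can no longer choose what gets instantiated.
def load_options_safe(text, permitted: [Symbol])
  YAML.safe_load(text, permitted_classes: permitted, aliases: false)
rescue Psych::DisallowedClass => e
  { error: e.message }
end

if __FILE__ == $PROGRAM_NAME
  p load_options_unsafe(MALICIOUS_OPTIONS)["probe"]  # a Probe instance
  p load_options_safe(MALICIOUS_OPTIONS)             # {:error=>"Tried to load unspecified class: Probe"}
end
```

When a configuration format genuinely needs a few non-primitive types, add exactly those to `permitted_classes`; never widen the list to satisfy an arbitrary file.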
GHSA-353F-X4GH-CQQ8 vulnerabilities
Vulnerabilities for packages: ruby3.3-rails, ruby3.2-rails, ruby3.4-rails, logstash...
OPENSUSE-SU-2025:15382-1 ruby3.4-rubygem-thor-1.4.0-1.1 on GA media
These are all security issues fixed in the ruby3.4-rubygem-thor-1.4.0-1.1 package on the GA media of openSUSE Tumbleweed...
Ubuntu: Security Advisory (USN-7664-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-7366-2)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
ROS-20250724-06
A vulnerability in the Ruby websocket-extensions module, which supports the implementation of WebSocket extensions, is related to spending quadratic time parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character...
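The entry above describes the failure mode (an unclosed quoted parameter value made of repeated backslash escapes, parsed in quadratic time). The following is an added example, not the websocket-extensions gem's code, showing a single-pass parser for a `Sec-WebSocket-Extensions` value that handles escapes and an unclosed string in linear time. The header values are constructed, and the `steps` counter is an assumption added only to make the work done visible.

```ruby
# Constructed sample header values; not captured traffic.
BENIGN_HEADER = 'permessage-deflate; client_max_window_bits=15; server_no_context_takeover, x-foo; token="a\"b"'

# The shape of input the advisory describes: an unclosed quoted value whose body
# is n repetitions of backslash + another character.
def redos_probe(n)
  'ext; p="' + ('\\a' * n)
end

class ExtensionHeaderParser
  # Number of characters consumed; exposed so linear cost can be checked.
  attr_reader :steps

  def initialize
    @steps = 0
  end

  # Returns [[name, {param => value}], ...] or nil for malformed input.
  # Every character is visited at most once, so cost is O(length).
  def parse(value)
    @steps = 0
    extensions = []
    i = 0
    loop do
      name, i = read_token(value, i)
      return nil unless name
      params = {}
      i = skip_ws(value, i)
      while value[i] == ";"
        i = skip_ws(value, i + 1)
        key, i = read_token(value, i)
        return nil unless key
        i = skip_ws(value, i)
        val = true
        if value[i] == "="
          i = skip_ws(value, i + 1)
          val, i = value[i] == '"' ? read_quoted(value, i + 1) : read_token(value, i)
          return nil unless val
        end
        params[key] = val
        i = skip_ws(value, i)
      end
      extensions << [name, params]
      break if i >= value.length
      return nil unless value[i] == ","
      i = skip_ws(value, i + 1)
    end
    extensions
  end

  private

  TOKEN = /[!\#\$%&'*+\-.^_`|~0-9A-Za-z]/

  def skip_ws(s, i)
    i += 1 while i < s.length && (s[i] == " " || s[i] == "\t")
    i
  end

  def read_token(s, i)
    start = i
    while i < s.length && s[i].match?(TOKEN)
      @steps += 1
      i += 1
    end
    i == start ? nil : [s[start...i], i]
  end

  # Scans a quoted-string body once. An escape consumes exactly two characters,
  # and reaching end-of-input is a hard failure rather than a reason to retry
  # from a different position, which is what keeps the unclosed case linear.
  def read_quoted(s, i)
    out = +""
    while i < s.length
      @steps += 1
      c = s[i]
      if c == "\\"
        return nil if i + 1 >= s.length
        out << s[i + 1]
        i += 2
      elsif c == '"'
        return [out, i + 1]
      else
        out << c
        i += 1
      end
    end
    nil
  end
end
```

Doubling the length of the probe doubles `steps`; a backtracking regex that re-scans the unclosed string from each candidate start position would instead roughly quadruple its work.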
GHSA-353F-X4GH-CQQ8 vulnerabilities
Vulnerabilities for packages: ruby3.2-rails, gitlab-rails-ce, ruby3.3-rails, gitlab-rails-ce-fips, logstash, ruby3.4-rails...
Ubuntu: Security Advisory (USN-7659-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
AZL-65613 CVE-2025-54314 affecting package rubygem-thor 1.2.1-1
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."...
Thor OS command injection vulnerability
Thor is an open source Ruby toolkit for building command line interfaces. An operating system command injection vulnerability exists in versions of Thor prior to 1.4.0; it stems from constructing unsafe shell commands from library input and could lead to command injection...
CVE-2025-49828
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution. An authenticated attacker who can inject secre...
The vulnerability of the Ruby on Rails software platform, related to improper authentication, allows a remote attacker to cause a denial of service.
The vulnerability of the Ruby on Rails software platform is related to improper authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the Ruby on Rails software platform, related to CSRF token handling, allows attackers to forge valid CSRF tokens.
The vulnerability of the Ruby on Rails software platform is related to the handling of cross-site requests in the authenticity_token management. Exploiting this vulnerability allows a malicious actor to remotely forge a valid CSRF token...
The vulnerability of the Ruby on Rails software platform, related to the manipulation of cross-site requests, allows attackers to send CSRF tokens to incorrect domains.
The vulnerability of the Ruby on Rails software platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely send CSRF tokens to incorrect domains...
GHSA-XH69-987W-HRP8 vulnerabilities
Vulnerabilities for packages: ruby, jruby...