Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

14147 matches found

RedHat Linux
RedHat Linuxadded 2025/05/06 2:33 a.m.1 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

7.5CVSS5.7AI score0.00315EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2025/05/06 2:20 a.m.5 views

Moderate: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5CVSS6.7AI score0.00315EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2025/05/06 2:20 a.m.3 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

7.5CVSS5.7AI score0.00315EPSS
Exploits0References5
Tenable Nessus
Tenable Nessusadded 2025/05/06 12:0 a.m.5 views

RHEL 9 : ruby:3.1 (RHSA-2025:4488)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4488 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.5CVSS7.1AI score0.08032EPSS
Exploits0References17
Oracle linux
Oracle linuxadded 2025/05/06 12:0 a.m.23 views

ruby:3.1 security update

ruby 3.1.7-146 - Upgrade to Ruby 3.1.7. Resolves: RHEL-55410 - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-86077...

7.5CVSS7.8AI score0.08032EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2025/05/06 12:0 a.m.9 views

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1440)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

7.4CVSS7.2AI score0.00593EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/05/06 12:0 a.m.29 views

EulerOS 2.0 SP12 : ruby (EulerOS-SA-2025-1439)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously...

7.4CVSS7.2AI score0.00593EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/05/06 12:0 a.m.7 views

RHEL 9 : ruby:3.3 (RHSA-2025:4493)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4493 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.5CVSS7.1AI score0.00315EPSS
Exploits0References9
Oracle linux
Oracle linuxadded 2025/05/06 12:0 a.m.66 views

ruby:3.3 security update

ruby 3.3.8-4 - Upgrade to Ruby 3.3.8. Resolves: RHEL-86933 - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves: RHEL-87182 - Fix userinfo leakage in URIjoin, URImerge and URI+. CVE-2025-27221...

7.5CVSS7.7AI score0.00315EPSS
Exploits0
OSV
OSVadded 2025/05/06 12:0 a.m.16 views

ALSA-2025:4488 Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

7.5CVSS6.8AI score0.08032EPSS
Exploits0References16
AlmaLinux
AlmaLinuxadded 2025/05/06 12:0 a.m.6 views

Moderate: ruby:3.1 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: DoS vulnerability in REXML CVE-2024-39908 rexml: rubygem-rexml: DoS when parsing an XML having many specific characters suc...

7.5CVSS6.5AI score0.08032EPSS
Exploits0References16
Tenable Nessus
Tenable Nessusadded 2025/05/06 12:0 a.m.7 views

Oracle Linux 9 : ruby:3.1 (ELSA-2025-4488)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-4488 advisory. ruby 3.1.7-146 - Upgrade to Ruby 3.1.7. Resolves: RHEL-55410 - Fix DoS vulnerability in REXML. CVE-2024-39908 Resolves: RHEL-86077 Tenable has extracte...

7.5CVSS7.1AI score0.08032EPSS
Exploits0References8
Tenable Nessus
Tenable Nessusadded 2025/05/06 12:0 a.m.5 views

RHEL 9 : ruby (RHSA-2025:4487)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:4487 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.5CVSS7.3AI score0.00315EPSS
Exploits0References7
Tenable Nessus
Tenable Nessusadded 2025/04/29 12:0 a.m.4 views

Rails Config File Detected

A Ruby on Rails configuration file have been detected on the target web application. These files may contain sensitive information which could assist an attack to conduct further attacks. No source data...

7AI score
Exploits0References1
OSV
OSVadded 2025/04/28 4:15 p.m.1 views

ALPINE-CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6.5CVSS6.6AI score0.00393EPSS
Exploits0References1
OSV
OSVadded 2025/04/28 4:15 p.m.2 views

DEBIAN-CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6.5CVSS6.2AI score0.00393EPSS
Exploits0References1
OSV
OSVadded 2025/04/28 4:15 p.m.1 views

UBUNTU-CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6.5CVSS5.8AI score0.00393EPSS
Exploits0References3
CVE
CVEadded 2025/04/28 4:2 p.m.216 views

CVE-2025-43857

Net::IMAP for Ruby is vulnerable to denial of service via memory exhaustion when processing server responses containing a literal byte count. A malicious server can trigger the client’s receiver thread to allocate memory for the indicated size, potentially exhausting memory during any active conn...

6.5CVSS7AI score0.00393EPSS
Exploits0References6Affected Software1
Cvelist
Cvelistadded 2025/04/28 4:2 p.m.21 views

CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6CVSS0.00393EPSS
Exploits0References6
OSV
OSVadded 2025/04/28 4:2 p.m.6 views

CVE-2025-43857 net-imap rubygem vulnerable to possible DoS by memory exhaustion

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6CVSS6.4AI score0.00393EPSS
Exploits0References8
Rows per page
Query Builder