Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

14147 matches found

Snyk
Snykadded 2025/03/12 7:28 p.m.2 views

Arbitrary Code Injection

Overview graphql is a plain-Ruby implementation of GraphQL. Affected versions of this package are vulnerable to Arbitrary Code Injection via the GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load processes. An attacker can execute arbitrary code by loading a crafted GraphQL schema...

9.2CVSS8.1AI score0.01361EPSS
Exploits2References2
NVD
NVDadded 2025/03/12 7:15 p.m.14 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS0.01361EPSS
Exploits2References11
OSV
OSVadded 2025/03/12 7:15 p.m.2 views

DEBIAN-CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS9.1AI score0.01361EPSS
Exploits2References1
OSV
OSVadded 2025/03/12 7:15 p.m.1 views

UBUNTU-CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS6.1AI score0.01361EPSS
Exploits2References12
Vulnrichment
Vulnrichmentadded 2025/03/12 6:15 p.m.16 views

CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS9.4AI score0.01361EPSS
Exploits2References10
OSV
OSVadded 2025/03/12 6:15 p.m.15 views

CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS9.2AI score0.01361EPSS
Exploits2References13
CVE
CVEadded 2025/03/12 6:15 p.m.271 views

CVE-2025-27407

CVE-2025-27407 concerns graphql-ruby: loading a malicious schema via GraphQL::Schema.from_introspection (or GraphQL::Schema::Loader.load) can lead to remote code execution. Affected versions are pre-patches: 1.11.5–1.11.7, 1.11.? (and 1.12.24, 1.13.23, 2.0.31, 2.1.13, 2.2.16, 2.3.20). Patches exi...

9CVSS9.4AI score0.01361EPSS
Exploits2References11
Debian CVE
Debian CVEadded 2025/03/12 6:15 p.m.47 views

CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS9.1AI score0.01361EPSS
Exploits2
Cvelist
Cvelistadded 2025/03/12 6:15 p.m.52 views

CVE-2025-27407 Remote code execution when loading a crafted GraphQL schema

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.fromintrospection or GraphQL::Schema::Loader.load can result in remote code...

9CVSS0.01361EPSS
Exploits2References10
OSV
OSVadded 2025/03/12 3:35 p.m.16 views

GHSA-9M3Q-RHMV-5Q44 Out-of-bounds Read in Ruby JSON Parser

Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...

7.5CVSS7.5AI score0.00163EPSS
Exploits0References6
Github Security Blog
Github Security Blogadded 2025/03/12 3:35 p.m.18 views

Out-of-bounds Read in Ruby JSON Parser

Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...

7.5CVSS6.8AI score0.00163EPSS
Exploits0References6Affected Software1
NVD
NVDadded 2025/03/12 2:15 p.m.4 views

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5CVSS0.00163EPSS
Exploits0References3
OSV
OSVadded 2025/03/12 2:15 p.m.0 views

UBUNTU-CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5CVSS5.8AI score0.00163EPSS
Exploits0References4
OSV
OSVadded 2025/03/12 1:51 p.m.4 views

CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5CVSS7.3AI score0.00163EPSS
Exploits0References5
Cvelist
Cvelistadded 2025/03/12 1:51 p.m.12 views

CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5CVSS0.00163EPSS
Exploits0References3
CVE
CVEadded 2025/03/12 1:51 p.m.261 views

CVE-2025-27788

The CVE-2025-27788 entry corresponds to a Ruby JSON parser vulnerability (CVE-2025-27788) with out-of-bounds read leading to crashes. In IBM’s advisory, the affected products are: IBM watsonx Assistant Cartridge (versions 4.0–5.2.0) and IBM watsonx Orchestrate with watsonx Assistant Cartridge – A...

7.5CVSS7.6AI score0.00163EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2025/03/12 1:51 p.m.8 views

CVE-2025-27788 Ruby JSON Parser has Out-of-bounds Read

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5CVSS7.6AI score0.00163EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2025/03/12 1:51 p.m.7 views

CVE-2025-27788

JSON is a JSON implementation for Ruby. Starting in version 2.10.0 and prior to version 2.10.2, a specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions prior to 2.10.0 are not vulnerable. Version 2.10.2 fixes the problem. No known workarounds are...

7.5CVSS7.3AI score0.00163EPSS
Exploits0
RubySec
RubySecadded 2025/03/12 12:0 a.m.11 views

Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses

Summary ruby-saml is susceptible to remote Denial of Service DoS with compressed SAML responses. Ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before...

8.7CVSS9.3AI score0.06225EPSS
Exploits1References1Affected Software1
CNNVD
CNNVDadded 2025/03/12 12:0 a.m.1 views

OneLogin ruby-saml 安全漏洞

Onelogin OneLogin ruby-saml is a Ruby-based SAML Security Assertion Markup Language library for Single Sign-On SSO services from Onelogin, USA. A security vulnerability exists in ruby-saml versions prior to 1.12.4 and 1.18.0, which stems from an improper handling of compressed SAML responses and...

8.7CVSS8.5AI score0.06225EPSS
Exploits1References9
Rows per page
Query Builder