CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14176 matches found

Oracle linux•added 2025/07/03 12:0 a.m.•6 views

ruby:3.3 security update

ruby 3.3.8-4 - Upgrade to Ruby 3.3.8. Resolves: RHEL-68632 - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 - Fix userinfo leakage in URIjoin, URImerge and URI+. CVE-2025-27221 rubygem-abrt 0.4.0-1 - Updat...

7.5CVSS6.5AI score0.00784EPSS

Exploits0

RedHat Linux•added 2025/07/02 2:32 p.m.•2 views

Moderate: Red Hat Security Advisory: ruby:3.3 security update

An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.7AI score0.00784EPSS

Exploits0References5

RedHat Linux•added 2025/07/02 2:32 p.m.•4 views

uri: userinfo leakage in URI#join, URI#merge and URI#+

A flaw was found in the URI ruby gem package, where userinfo leakage can occur in the uri gem. The methods URIjoin, URImerge, and URI+ retained userinfo, such as user:password, even after the host is replaced. When generating a URL to a malicious host from a URL containing secret userinfo using...

5.3CVSS5.8AI score0.00472EPSS

Exploits0References6

RedHat Linux•added 2025/07/02 2:32 p.m.•4 views

CGI: Denial of Service in CGI::Cookie.parse

A flaw was found in Ruby's CGI gem. Processing specially crafted large cookies with the CGI::Cookie.parse method can cause excessive resource consumption due to a missing limit on the length of the raw cookie value, resulting in a denial of service...

7.5CVSS5.7AI score0.00784EPSS

Exploits0References5

OSV•added 2025/07/02 12:0 a.m.•3 views

ALSA-2025:10217 Moderate: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion CVE-2025-25186 CGI: Denial of Service in CGI::Cookie.parse...

7.5CVSS6.3AI score0.00784EPSS

Exploits0References8

Tenable Nessus•added 2025/07/02 12:0 a.m.•4 views

RHEL 8 : ruby:3.3 (RHSA-2025:10217)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10217 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

7.5CVSS7.1AI score0.00784EPSS

Exploits0References10

AlmaLinux•added 2025/07/02 12:0 a.m.•2 views

Moderate: ruby:3.3 security update

7.5CVSS6.6AI score0.00784EPSS

Exploits0References8

Tenable Nessus•added 2025/06/30 12:0 a.m.•3 views

Oracle Linux 10 : ruby (ELSA-2025-8131)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8131 advisory. - Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. CVE-2025-25186 - Fix Denial of Service in CGI::Cookie.parse. CVE-2025-27219 Resolves:...

7.5CVSS7.1AI score0.00784EPSS

Exploits0References4

OSV•added 2025/06/27 1:16 p.m.•2 views

OESA-2025-1686 rubygem-rack security update

Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between the so-called middleware into a single...

7.5CVSS6.8AI score0.01996EPSS

Exploits0References2

OSV•added 2025/06/27 1:16 p.m.•4 views

OESA-2025-1684 rubygem-rack security update

7.5CVSS6.8AI score0.01996EPSS

Exploits0References2

Tenable Nessus•added 2025/06/27 12:0 a.m.•13 views

Ruby WEBrick < 1.8.2 HTTP Request Smuggling

The version of the WEBrick Ruby library installed on the remote host is prior to 1.8.2. It is, therefore, affected by an HTTP request smuggling vulnerability in the readheader. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick...

6.5CVSS6.8AI score0.00422EPSS

Exploits0References3

OSV•added 2025/06/26 9:31 p.m.•3 views

GHSA-R995-Q44H-HR64 Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

6.5CVSS6.9AI score0.00422EPSS

Exploits0References5

Github Security Blog•added 2025/06/26 9:31 p.m.•11 views

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

6.5CVSS6.9AI score0.00422EPSS

Exploits0References5Affected Software1

Tenable Nessus•added 2025/06/26 12:0 a.m.•3 views

Ruby Gem Modules Installed (macOS)

Binary data rubygemmodulesmacosinstalled.nbin...

7.3AI score

Exploits0References1

RubySec•added 2025/06/26 12:0 a.m.•12 views

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling

Ruby WEBrick readheader HTTP Request Smuggling Vulnerability This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...

6.5CVSS7AI score0.00422EPSS

Exploits0References1Affected Software1

Gitee•added 2025/06/25 11:17 p.m.•93 views

metasploit-framework

This repository is an offensive tool for Metasploit Framework. The primary CVE ID is not explicitly mentioned, but it is likely related to the Metasploit Framework itself. The target product/service or framework is Metasploit Framework, a penetration testing platform. The vulnerability class/vect...

7.9AI score

Exploits0