14178 matches found

RubySec
added 2024/08/28 12:00 a.m., 19 views

SAML authentication bypass via Incorrect XPath selector

Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrar...

CVSS 10, AI score 7.2, EPSS 0.10684
Exploits: 2, References: 1, Affected software: 1
Redos
added 2024/08/28 12:00 a.m., 13 views

ROS-20240827-19

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during the generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting. Vulnerability in the Active Storage component of the Rub...

CVSS 6.1, AI score 6.1, EPSS 0.01119
Exploits: 1
Redos
added 2024/08/28 12:00 a.m., 19 views

ROS-20240827-04

A vulnerability in the CGI component of the Ruby programming language is related to an interpretation conflict that occurs when untrusted input data is inserted into an HTTP response header. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data...

CVSS 8.8, AI score 7.2, EPSS 0.02287
Exploits: 1
Redos
added 2024/08/28 12:00 a.m., 13 views

ROS-20240827-18

Vulnerability of the actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb file of the Ruby interpreter is related to incorrect neutralization of input data during generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduc...

CVSS 5.4, AI score 6.3, EPSS 0.0068
Exploits: 1
Redos
added 2024/08/28 12:00 a.m., 11 views

ROS-20240827-03

Vulnerability of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb of the Ruby interpreter is related to incorrect neutralization of input data during generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduc...

CVSS 5.4, AI score 6.3, EPSS 0.0068
Exploits: 1
Redos
added 2024/08/28 12:00 a.m., 20 views

ROS-20240827-06

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during the generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting. Vulnerability in the Active Storage component of the Rub...

CVSS 6.1, AI score 6.2, EPSS 0.01119
Exploits: 1
Redos
added 2024/08/28 12:00 a.m., 13 views

ROS-20240827-20

The vulnerability in the Ruby interpreter is related to improper neutralization of input data during the generation of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting. Vulnerability in the Active Storage component of the Ruby...

CVSS 6.1, AI score 6.1, EPSS 0.01119
Exploits: 1
Redos
added 2024/08/26 12:00 a.m., 32 views

ROS-20240826-12

Vulnerability of the Ruby programming language components rfc2396parser.rb and rfc3986parser.rb is related to incorrect handling of invalid URLs. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. Vulnerability in the URI component of th...

CVSS 5.3, AI score 7.2, EPSS 0.02637
Exploits: 0
Redos
added 2024/08/26 12:00 a.m., 26 views

ROS-20240826-09

The vulnerability in the Time library of the Ruby interpreter is related to the use of a regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the URI component of the Ruby...

CVSS 5.3, AI score 7.1, EPSS 0.02637
Exploits: 0
Tenable Nessus
added 2024/08/26 12:00 a.m., 31 views

CBL Mariner 2.0 Security Update: ruby (CVE-2024-27282)

The version of ruby installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27282 advisory. - An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex...

CVSS 6.6, AI score 7.5, EPSS 0.00629
Exploits: 0, References: 2
CBLMariner
added 2024/08/25 3:13 p.m., 17 views

CVE-2024-27281 affecting package ruby for versions less than 3.3.3-1

CVE-2024-27281 affecting package ruby for versions less than 3.3.3-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.5, AI score 7.1, EPSS 0.01571
Exploits: 0
CBLMariner
added 2024/08/25 3:13 p.m., 23 views

CVE-2024-35176 affecting package ruby for versions less than 3.3.3-1

CVE-2024-35176 affecting package ruby for versions less than 3.3.3-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.3, AI score 6.9, EPSS 0.02064
Exploits: 1
CBLMariner
added 2024/08/25 3:13 p.m., 11 views

CVE-2024-27282 affecting package ruby for versions less than 3.3.3-1

CVE-2024-27282 affecting package ruby for versions less than 3.3.3-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.6, AI score 7, EPSS 0.00629
Exploits: 0
OSV
added 2024/08/23 11:08 a.m., 5 views

OESA-2024-2038 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, like Perl. Security Fixes: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an...

CVSS 7.5, AI score 6.8, EPSS 0.01192
Exploits: 0, References: 2
SUSE CVE
added 2024/08/23 2:27 a.m., 4 views

SUSE CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML document that has many deep elements with the same local name attributes. If you need to parse untrusted XML with a tree parser API like REXML::Document.new, you may be affected by this vulnerability...

CVSS 7.5, AI score 6.8, EPSS 0.01205
Exploits: 0, References: 10
Redos
added 2024/08/23 12:00 a.m., 22 views

ROS-20240823-02

A vulnerability in the Host Authorization Middleware (Action Pack) component of the Ruby on Rails software platform is related to the handling of "X-Forwarded-Host" headers in combination with certain "authorized host" formats. Exploitation of the vulnerability could allow an attacker acting...

CVSS 6.1, AI score 6.7, EPSS 0.04182
Exploits: 0
Chainguard
added 2024/08/22 4:40 p.m., 8 views

GHSA-VMWR-MC7X-5VC3 vulnerabilities

Vulnerabilities for packages: ruby3.4-fluentd-kubernetes-daemonset, ruby3.2-fluentd-kubernetes-daemonset, jruby, ruby3.1-fluentd-kubernetes-daemonset, kube-fluentd-operator, ruby3.2-rexml, ruby3.3-fluentd-kubernetes-daemonset, ruby...

AI score 5.2
Exploits: 0
OSV
added 2024/08/22 3:15 p.m., 2 views

AZL-48150 CVE-2024-43398 affecting package ruby for versions less than 3.1.7-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML document that has many deep elements with the same local name attributes. If you need to parse untrusted XML with a tree parser API like REXML::Document.new, you may be affected by this vulnerability...

CVSS 5.9, AI score 6.5, EPSS 0.01205
Exploits: 0, References: 1
OSV
added 2024/08/22 3:15 p.m., 4 views

AZL-48162 CVE-2024-43398 affecting package ruby for versions less than 3.3.5-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML document that has many deep elements with the same local name attributes. If you need to parse untrusted XML with a tree parser API like REXML::Document.new, you may be affected by this vulnerability...

CVSS 5.9, AI score 6.5, EPSS 0.01205
Exploits: 0, References: 1
OSV
added 2024/08/22 3:15 p.m., 3 views

ALPINE-CVE-2024-43398

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML document that has many deep elements with the same local name attributes. If you need to parse untrusted XML with a tree parser API like REXML::Document.new, you may be affected by this vulnerability...

CVSS 5.9, AI score 6.8, EPSS 0.01205
Exploits: 0, References: 1