CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14164 matches found

Prion•added 2024/02/28 8:15 p.m.•24 views

Cross site scripting

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting XSS attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...

5.8CVSS5AI score0.03316EPSS

Exploits1References6

CVE•added 2024/02/28 7:22 p.m.•146 views

CVE-2024-27285

CVE-2024-27285 affects YARD, a Ruby documentation generator. The vulnerability lies in the generated frames.html, where inadequate sanitization in the JavaScript of the frames.erb template allowed Cross-Site Scripting (XSS). Public advisories (Debian, Fedora, Ubuntu, NVD) attribute the issue to Y...

6.1CVSS5.2AI score0.03316EPSS

Exploits1References7Affected Software1

Debian CVE•added 2024/02/28 7:22 p.m.•19 views

CVE-2024-27285

6.1CVSS5.1AI score0.03316EPSS

Exploits1

OSV•added 2024/02/28 7:22 p.m.•28 views

CVE-2024-27285 YARD's default template vulnerable to Cross-site Scripting in generated frames.html

5.4CVSS5.8AI score0.03316EPSS

Exploits1References9

Veracode•added 2024/02/28 7:42 a.m.•22 views

Regular Expression Denial Of Service (ReDoS)

Rails is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability is due to inefficient parsing of the Accept header, specifically due to the regular expression used to separate parameters. This potentially leads to Denial of Service DoS attacks. Note that this vulnerability is...

7.5CVSS7AI score0.03542EPSS

Exploits0References6Affected Software1

OSV•added 2024/02/27 9:41 p.m.•42 views

GHSA-JJHX-JHVP-74WQ Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

Possible ReDoS vulnerability in Accept header parsing in Action Dispatch There is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-26142. Versions Affected: = 7.1.0, 7.1.3.1 Not affected: 7.1....

7.5CVSS6.3AI score0.03542EPSS

Exploits0References6

Github Security Blog•added 2024/02/27 9:41 p.m.•31 views

Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch

7.5CVSS6.8AI score0.03542EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2024/02/27 6:32 p.m.•35 views

CVE-2024-26143

A vulnerability was found in actionpack ruby gem. Applications using the translate method may be susceptible to a cross-site scripting XSS attack...

4.1CVSS6.1AI score0.02067EPSS

Exploits1References4

NVD•added 2024/02/27 4:15 p.m.•14 views

CVE-2024-26142

Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are...

7.5CVSS7.5AI score0.03542EPSS

Exploits0References5

OSV•added 2024/02/27 4:15 p.m.•1 views

UBUNTU-CVE-2024-26142

7.5CVSS6AI score0.03542EPSS

Exploits0References7

UbuntuCve•added 2024/02/27 4:15 p.m.•24 views

CVE-2024-26142

7.5CVSS6.5AI score0.03542EPSS

Exploits0References6

OSV•added 2024/02/27 4:15 p.m.•0 views

UBUNTU-CVE-2024-26143

Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "html", a :default key which contains untrusted user input, and th...

6.1CVSS6AI score0.02067EPSS

Exploits1References9

Prion•added 2024/02/27 4:15 p.m.•16 views

Design/Logic Flaw

5CVSS7AI score0.03542EPSS

Exploits0References4

Cvelist•added 2024/02/27 3:25 p.m.•18 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

7.5CVSS7.7AI score0.03542EPSS

Exploits0References5

Vulnrichment•added 2024/02/27 3:25 p.m.•15 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

7.5CVSS7.1AI score0.03542EPSS

Exploits0References5

Debian CVE•added 2024/02/27 3:25 p.m.•17 views

CVE-2024-26142

7.5CVSS6.5AI score0.03542EPSS

Exploits0

OSV•added 2024/02/27 3:25 p.m.•32 views

CVE-2024-26142 Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch

7.5CVSS6.5AI score0.03542EPSS

Exploits0References7

RedhatCVE•added 2024/02/26 9:3 p.m.•27 views

CVE-2024-27456

An insecure file permission flaw was found in rack-cors. The permissions for .rb files distributed with rack-cors ruby gem are set to 0666 by default, which may allow users with low privileges to edit files. This issue impacts integrity, confidentiality, and availability...

7.8CVSS6.8AI score0.00152EPSS

Exploits1References3

OSV•added 2024/02/26 4:28 p.m.•2 views

CVE-2024-27456

rack-cors aka Rack CORS Middleware 2.0.1 has 0666 permissions for the .rb files...

9.1CVSS8.6AI score

Exploits0References1

Positive Technologies•added 2024/02/26 12:0 a.m.•3 views

PT-2024-1854 · Rack-Cors · Rack-Cors

Name of the Vulnerable Software and Affected Versions: rack-cors aka Rack CORS Middleware version 2.0.1 Description: The issue is related to incorrectly used standard permissions in the Rack CORS Middleware, which may allow an attacker to impact the integrity, confidentiality, and availability of...

9.1CVSS6.8AI score0.00152EPSS

Exploits1References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by