14158 matches found
SUSE CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory's path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
ROS-20260216-73-0002
Vulnerability in rubygem-activesupport related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could allow an attacker to escalate privileges...
MAL-2026-906 Malicious code in cucumber_json_schema (RubyGems)
Source: ossf-package-analysis f6511110b5695ace5b67288aeb0800934628b5a510045ccf1f62c84011e73951. The OpenSSF Package Analysis project identified 'cucumber_json_schema' @ 90002.0 rubygems as malicious. It is considered malicious because: - The...
Linux Distros Unpatched Vulnerability : CVE-2026-2302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
[SECURITY] Fedora 42 Update: rust-rbspy-0.34.1-4.fc42
Sampling CPU profiler for Ruby...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: rubygem-rack (UTSA-2026-005348)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005348 advisory. Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution via the Mongoid::Criteria.from_hash function. An attacker can execute arbitrary Ruby code by supplying a specially crafted Hash value. Remediation Upgrade mongoid to version 7.6.1, 8.0.12, 8.1.12, 9.0.10 or highe...
CVE-2026-2302
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
UBUNTU-CVE-2026-2302
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
CVE-2026-2302
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
CVE-2026-2302 Unsafe Reflection in Mongoid::Criteria.from_hash
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
[SECURITY] Fedora 43 Update: rust-rbspy-0.34.1-4.fc43
Sampling CPU profiler for Ruby...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005310)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005310 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many < characters in an attribute value. Those...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005311)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005311 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name...
MongoDB Ruby Driver Security Vulnerability
The MongoDB Ruby Driver is an open-source Ruby library developed by MongoDB. There is a security vulnerability in the MongoDB Ruby Driver, which may allow arbitrary Ruby code to be executed when processing specially crafted Hash r types...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005318)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005318 advisory. REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace...
PT-2026-7435
Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code...
CVE-2025-61594 affecting package ruby for versions less than 3.3.5-7
CVE-2025-61594 affecting package ruby for versions less than 3.3.5-7. A patched version of the package is available...