CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

RedHat Linux•added 2026/05/07 6:0 p.m.•4 views

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

8.7CVSS5.8AI score0.00032EPSS

Exploits0References11

RedHat Linux•added 2026/05/07 5:29 p.m.•7 views

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

8.7CVSS5.8AI score0.00032EPSS

Exploits0References11

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в python-django

A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter consumes significant memory when dealing with a string representation of a number in scientific notation with a large exponent...

7.5CVSS6.8AI score0.01386EPSS

Exploits0References2

Veracode•added 2026/03/28 5:31 a.m.•3 views

Denial Of Service (DoS)

Active Support is vulnerable to Denial of Service. The vulnerability is due to the acceptance of strings containing scientific notation by Active Support number helpers, where the conversion of these strings to extremely large decimal representations can cause excessive memory allocation and CPU...

8.7CVSS5.9AI score0.00032EPSS

Exploits0References7Affected Software1

SUSE CVE•added 2026/03/25 12:23 a.m.•2 views

SUSE CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.9AI score0.00032EPSS

Exploits0References3

RedhatCVE•added 2026/03/24 11:13 a.m.•3 views

CVE-2026-33176

8.7CVSS5.8AI score0.00032EPSS

Exploits0References10

Snyk•added 2026/03/24 12:32 a.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NumberConverter. An attacker can cause excessive memory allocation by...

8.7CVSS5.8AI score0.00032EPSS

Exploits0References2

NVD•added 2026/03/24 12:16 a.m.•4 views

CVE-2026-33176

8.7CVSS0.00032EPSS

Exploits0References7

OSV•added 2026/03/24 12:16 a.m.•1 views

DEBIAN-CVE-2026-33176

7.5CVSS4.7AI score0.00032EPSS

Exploits0References1

UbuntuCve•added 2026/03/24 12:16 a.m.•3 views

CVE-2026-33176

8.7CVSS5.9AI score0.00032EPSS

Exploits0References8

OSV•added 2026/03/24 12:16 a.m.•0 views

UBUNTU-CVE-2026-33176

8.7CVSS5.8AI score0.00032EPSS

Exploits0References9

ATTACKERKB•added 2026/03/23 11:29 p.m.•2 views

CVE-2026-33176

8.7CVSS5.8AI score0.00032EPSS

Exploits0References8Affected Software1

Cvelist•added 2026/03/23 11:29 p.m.•18 views

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

8.7CVSS0.00032EPSS

Exploits0References7

Vulnrichment•added 2026/03/23 11:29 p.m.•3 views

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

8.7CVSS5.8AI score0.00032EPSS

Exploits0References7

CVE•added 2026/03/23 11:29 p.m.•6 views

CVE-2026-33176

The connected advisory GHSA-2J26-FRM8-CMJ9 confirms a DoS in Rails Active Support number helpers: parsing strings with scientific notation (e.g., 1e10000) can expand to huge decimals, causing excessive memory and CPU usage. This is triggered during number formatting and may lead to DoS. Fixed rel...

8.7CVSS5.8AI score0.00032EPSS

Exploits0References7Affected Software1

Debian CVE•added 2026/03/23 11:29 p.m.•5 views

CVE-2026-33176

8.7CVSS4.6AI score0.00032EPSS

Exploits0

OSV•added 2026/03/23 11:29 p.m.•1 views

CVE-2026-33176 Rails Active Support has a possible DoS vulnerability in its number helpers

8.7CVSS5.9AI score0.00032EPSS

Exploits0References9

Github Security Blog•added 2026/03/23 9:15 p.m.•4 views

Rails Active Support has a possible DoS vulnerability in its number helpers

Impact Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted,...

8.7CVSS5.2AI score0.00032EPSS

Exploits0References10Affected Software1

OSV•added 2026/03/23 9:15 p.m.•2 views

GHSA-2J26-FRM8-CMJ9 Rails Active Support has a possible DoS vulnerability in its number helpers

8.7CVSS6.6AI score0.00032EPSS

Exploits0References10

Positive Technologies•added 2026/03/23 12:0 a.m.•3 views

PT-2026-27261

Name of the Vulnerable Software and Affected Versions Active Support versions prior to 8.1.2.1 Active Support versions prior to 8.0.4.1 Active Support versions prior to 7.2.3.1 Description Active Support number helpers are susceptible to a denial-of-service condition. The number helpers accept...

8.7CVSS6.6AI score0.00032EPSS

Exploits0References22

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by