
16 matches found

Wolfi
added 3 days ago, 5 views

CVE-2026-47242 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, ruby3.2-rails, ruby3.4-rails, ruby3.3-rails...

5.1 AI score, 0.0002 EPSS
Exploits: 0
OSV
added 2026/05/26 12:1 p.m., 6 views

RLSA-2026:20614 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass (CVE-2026-41316). For more details about the security issues, including...

8.1 CVSS, 6.2 AI score, 0.00048 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/05/19 12:0 a.m., 17 views

Oracle Linux 9 : ruby:3.3 (ELSA-2026-18030)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-18030 advisory. - Fix arbitrary code execution via deserialization bypass in ERB. CVE-2026-41316 Resolves: RHEL-171255 - Fix possible denial of service in resolv gem...

9.8 CVSS, 7.3 AI score, 0.08616 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/25 12:0 a.m., 2 views

PT-2026-27907

Name of the Vulnerable Software and Affected Versions SimpLy Gallery versions n/a through 3.3.2 Description An improper validation of the specified quantity in input within the GalleryCreator SimpLy Gallery simply-gallery-block component allows access to functionality that is not properly...

9.9 CVSS, 5.9 AI score, 0.00094 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/01/22 12:0 a.m., 4 views

PT-2026-3996

Name of the Vulnerable Software and Affected Versions SmartDataSoft Pool Services versions through 3.3 Description A Server-Side Request Forgery (SSRF) issue exists in SmartDataSoft Pool Services. This allows for Server Side Request Forgery. The issue is present in pool-services. Recommendations...

5.3 AI score, 0.00027 EPSS
Exploits: 0, References: 3
OSV
added 2025/12/23 4:16 p.m., 1 views

UBUNTU-CVE-2025-65865

An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input...

7.5 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 1, References: 6
Vulnrichment
added 2025/08/12 11:17 a.m., 3 views

CVE-2025-40751

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.3. Affected SIMATIC RTLS Locating Manager Report Clients do not properly protect credentials that are used to authenticate to the server. This could allow an authenticated local attacker to extract the credential...

6.3 CVSS, 6.9 AI score, 0.00059 EPSS
Exploits: 0, References: 1
OSV
added 2025/01/09 9:15 p.m., 2 views

CVE-2024-13295

Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection. This issue affects Node export: from 7.X- before 7.X-3.3...

6.6 CVSS, 5.8 AI score
Exploits: 0, References: 1
CNNVD
added 2025/01/09 12:0 a.m., 3 views

Drupal security vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal versions 7.X- through 7.X-3.3 that stems from the inclusion of an untrusted data deserialization vulnerability...

6.6 CVSS, 6.9 AI score, 0.00226 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2024/10/29 4:17 a.m., 1 views

SUSE CVE-2024-49761

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...

5.9 CVSS, 6.9 AI score, 0.01645 EPSS
Exploits: 0, References: 12
OSV
added 2024/08/01 3:15 p.m., 0 views

UBUNTU-CVE-2024-41946

REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...

7.5 CVSS, 6.7 AI score, 0.00661 EPSS
Exploits: 0, References: 7
CNNVD
added 2024/06/20 12:0 a.m., 4 views

Northern.tech Mender security breach

Northern.tech Mender is a secure and reliable remote update solution from Northern.tech, Inc. for connected devices of any size. A security vulnerability exists in Northern.tech Mender that stems from the presence of faulty access control, resulting in an attacker privilege that can be escalated...

8.8 CVSS, 6.8 AI score, 0.00137 EPSS
Exploits: 0, References: 3
SUSE CVE
added 2023/02/15 3:42 a.m., 1 views

SUSE CVE-2021-29611

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

5.5 CVSS, 5.5 AI score, 0.00009 EPSS
Exploits: 1, References: 3
RedHat Linux
added 2021/10/20 1:59 p.m., 3 views

OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

7.1 CVSS, 7.4 AI score, 0.00091 EPSS
Exploits: 0, References: 4
OSV
added 2020/11/25 3:15 a.m., 1 views

CVE-2020-29071

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving...

9 CVSS, 7.3 AI score, 0.00645 EPSS
Exploits: 1, References: 2
CNVD
added 2017/08/07 12:0 a.m., 3 views

OpenCV Denial of Service Vulnerability (CNVD-2017-24178)

OpenCV is an open source, cross-platform, lightweight computer vision library. A denial of service vulnerability exists in OpenCV 3.3 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service (CPU consumption)...

7.8 CVSS, 7.3 AI score, 0.0077 EPSS
Exploits: 0, References: 1