Sam Saffron

4 exploits, active since Jul 2015
CVE-2016-4442 WRITEUP MEDIUM
Rack-Mini-Profiler <0.10.1 - Info Disclosure
The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.
CVSS 5.3
CVE-2026-27935 WRITEUP MEDIUM
Discourse leaks private topic metadata to non-authorized users
Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a vulnerability in an API endpoint that discloses private topic metadata of admin users to moderator users even if the moderators do not have access to the private topics. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.
CVSS 6.5
CVE-2015-5147 WRITEUP
Redcarpet < 3.3.2 - Stack-Based Buffer Overflow in HTML Renderer
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2020-26298 WRITEUP MEDIUM
Redcarpet < 3.5.1 - Cross-Site Scripting via Quote Processing
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
CVSS 6.8