rubygems

965 tracked vulnerabilities.

CVE-2024-48652 MEDIUM
camaleon_cms 2.7.5 - Stored Cross-Site Scripting via Content Group Name Field
Oct 22, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-47889 MEDIUM
Rubygems Actionmailer < 6.1.7.9 - Denial of Service
Oct 16, 2024
EPSS 0.01
CVE-2024-47888 MEDIUM
Rubygems Actiontext < 6.1.7.9 - Denial of Service
Oct 16, 2024
EPSS 0.01
CVE-2024-47887 MEDIUM
Rubygems Actionpack < 6.1.7.9 - Denial of Service
Oct 16, 2024
EPSS 0.01
CVE-2024-41128 MEDIUM
Rubygems Actionpack < 6.1.7.9 - Resource Allocation Without Limits
Oct 16, 2024
EPSS 0.01
CVE-2024-47529 MEDIUM
OpenC3 COSMOS < 5.19.0 - Cleartext Storage of Sensitive Information in LocalStorage
Oct 02, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-46977 MEDIUM
OpenC3 COSMOS < 5.19.0 - Authenticated Path Traversal via LocalMode open_local_file
Oct 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-43795 MEDIUM
OpenC3 COSMOS < 5.19.0 - Reflected Cross-Site Scripting in Login Functionality
Oct 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-41673 HIGH
Decidim < 0.27.8 - Cross-Site Scripting via Malformed URL in Version Control Feature
Oct 01, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-46488 MEDIUM
sqlite-vec 0.1.1 - Heap-based Buffer Overflow via npy_token_next
Sep 25, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-47220
WEBrick toolkit <1.8.1 - HTTP Request Smuggling
Sep 22, 2024
EPSS 0.00
CVE-2024-45614 MEDIUM
Puma < 5.6.9 - Authorization Bypass via Underscore Header Clobbering
Sep 19, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-7254 HIGH
Google Protobuf < 3.25.5 - Uncontrolled Recursion via Nested Groups
Sep 19, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-46987 HIGH
Camaleon CMS 2.8.0-2.8.1 - Authenticated Path Traversal via MediaController Download
Sep 18, 2024
CVSS 7.7
EPSS 0.15
CVE-2024-46986 CRITICAL NUCLEI
Camaleon CMS < 2.8.2 - Authenticated Arbitrary File Write via MediaController Upload
Sep 18, 2024
CVSS 9.9
EPSS 0.35
CVE-2024-8796 MEDIUM
Devise-Two-Factor >=2.2.0 <6.0.0 - Info Disclosure
Sep 17, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-39910 MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting via QuillJS WYSIWYG Editor
Sep 16, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-32034 MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting in Admin Activity Log
Sep 16, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-45409 CRITICAL NUCLEI
ruby-saml <=1.12.2 and 1.13.0-1.16.0 - Unauthenticated SAML Signature Verification Bypass
Sep 10, 2024
CVSS 10.0
EPSS 0.11
CVE-2024-43791 HIGH
request_store 1.3.2 - Arbitrary Code Execution via World-Writable Files
Aug 23, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-43398 MEDIUM
REXML < 3.3.6 - Denial of Service via Deep XML Element Parsing
Aug 22, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-43380 MEDIUM
fugit < 1.11.1 - Uncontrolled Resource Consumption in Natural Parser
Aug 19, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-42360 CRITICAL
SequenceServer < 3.1.2 - OS Command Injection via HTTP Endpoint Parameters
Aug 14, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-41946 MEDIUM
REXML < 3.3.3 - Denial of Service via Entity Expansion in SAX2 or Pull Parser
Aug 01, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-41123 MEDIUM
REXML < 3.2.7 and 3.3.0-3.3.2 - Denial of Service via Malformed XML Parsing
Aug 01, 2024
CVSS 5.3
EPSS 0.01