rubygems
965 tracked vulnerabilities.
CVE-2024-48652
MEDIUM
camaleon_cms 2.7.5 - Stored Cross-Site Scripting via Content Group Name Field
Oct 22, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-47889
MEDIUM
Rubygems Actionmailer < 6.1.7.9 - Denial of Service
Oct 16, 2024
EPSS 0.01
CVE-2024-47888
MEDIUM
Rubygems Actiontext < 6.1.7.9 - Denial of Service
Oct 16, 2024
EPSS 0.01
CVE-2024-47887
MEDIUM
Rubygems Actionpack < 6.1.7.9 - Denial of Service
Oct 16, 2024
EPSS 0.01
CVE-2024-41128
MEDIUM
Rubygems Actionpack < 6.1.7.9 - Resource Allocation Without Limits
Oct 16, 2024
EPSS 0.01
CVE-2024-47529
MEDIUM
OpenC3 COSMOS < 5.19.0 - Cleartext Storage of Sensitive Information in LocalStorage
Oct 02, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-46977
MEDIUM
OpenC3 COSMOS < 5.19.0 - Authenticated Path Traversal via LocalMode open_local_file
Oct 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-43795
MEDIUM
OpenC3 COSMOS < 5.19.0 - Reflected Cross-Site Scripting in Login Functionality
Oct 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-41673
HIGH
Decidim < 0.27.8 - Cross-Site Scripting via Malformed URL in Version Control Feature
Oct 01, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-46488
MEDIUM
sqlite-vec 0.1.1 - Heap-based Buffer Overflow via npy_token_next
Sep 25, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-47220
WEBrick toolkit <1.8.1 - HTTP Request Smuggling
Sep 22, 2024
EPSS 0.00
CVE-2024-45614
MEDIUM
Puma < 5.6.9 - Authorization Bypass via Underscore Header Clobbering
Sep 19, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-7254
HIGH
Google Protobuf < 3.25.5 - Uncontrolled Recursion via Nested Groups
Sep 19, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-46987
HIGH
Camaleon CMS 2.8.0-2.8.1 - Authenticated Path Traversal via MediaController Download
Sep 18, 2024
CVSS 7.7
EPSS 0.15
CVE-2024-46986
CRITICAL
NUCLEI
Camaleon CMS < 2.8.2 - Authenticated Arbitrary File Write via MediaController Upload
Sep 18, 2024
CVSS 9.9
EPSS 0.35
CVE-2024-8796
MEDIUM
Devise-Two-Factor >=2.2.0 <6.0.0 - Info Disclosure
Sep 17, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-39910
MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting via QuillJS WYSIWYG Editor
Sep 16, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-32034
MEDIUM
decidim < 0.27.7 - Stored Cross-Site Scripting in Admin Activity Log
Sep 16, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-45409
CRITICAL
NUCLEI
ruby-saml <=1.12.2 and 1.13.0-1.16.0 - Unauthenticated SAML Signature Verification Bypass
Sep 10, 2024
CVSS 10.0
EPSS 0.11
CVE-2024-43791
HIGH
request_store 1.3.2 - Arbitrary Code Execution via World-Writable Files
Aug 23, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-43398
MEDIUM
REXML < 3.3.6 - Denial of Service via Deep XML Element Parsing
Aug 22, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-43380
MEDIUM
fugit < 1.11.1 - Uncontrolled Resource Consumption in Natural Parser
Aug 19, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-42360
CRITICAL
SequenceServer < 3.1.2 - OS Command Injection via HTTP Endpoint Parameters
Aug 14, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-41946
MEDIUM
REXML < 3.3.3 - Denial of Service via Entity Expansion in SAX2 or Pull Parser
Aug 01, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-41123
MEDIUM
REXML < 3.2.7 and 3.3.0-3.3.2 - Denial of Service via Malformed XML Parsing
Aug 01, 2024
CVSS 5.3
EPSS 0.01
Products
actionpack 63
rack 50
nokogiri 34
rubygems 25
rubygems-update 25
activerecord 23
puppet 23
activesupport 17
publify_core 15
passenger 14
rails-html-sanitizer 14
actionview 13
decidim 12
puma 12
camaleon_cms 11
fat_free_crm 11
rails 11
activestorage 10
net-imap 10
ruby-saml 10
jquery-rails 9
katello 8
openc3 8
rexml 8
bootstrap 7
bootstrap-sass 7
jquery-ui-rails 7
lodash-rails 7
spree 7
avo 6
Quick Filters