Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rails vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-34090
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public mee...
Decidim Decidim
6.1
CVSSv3
CVE-2023-32693
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote malicious user to exec...
Decidim Decidim
6.5
CVSSv3
CVE-2023-34246
Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, thei...
Doorkeeper Project Doorkeeper
8.8
CVSSv3
CVE-2023-34102
Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or appl...
Avohq Avo
Avohq Avo 3.0.0
5.4
CVSSv3
CVE-2023-34103
Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting (XSS) when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but ...
Avohq Avo
Avohq Avo 3.0.0
9.8
CVSSv3
CVE-2023-27849
rails-routes-to-json v1.0.0 exists to contain a remote code execution (RCE) vulnerability via the child_process function.
Rails-routes-to-json Project Rails-routes-to-json 1.0.0
6.1
CVSSv3
CVE-2023-30614
Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions before 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates...
Pay Project Pay
NA
CVE-2023-23913
Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting (CRS). This update also fixes a regression introduced in previous update that may block certain access for applicatio...
7.5
CVSSv3
CVE-2023-28846
Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upst...
Unpoly Unpoly-rails
NA
CVE-2023-28120
Description<!----> This CVE is under investigation by Red Hat Product Security.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »