Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rubyonrails vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
383
VMScore
CVE-2015-7579
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Rubyonrails Html Sanitizer
445
VMScore
CVE-2015-1840
jquery_ujs.js in jquery-rails prior to 3.1.3 and 4.x prior to 4.0.4 and rails.js in jquery-ujs prior to 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote malicious users to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web...
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Rubyonrails Jquery-rails 4.0.0
Rubyonrails Jquery-rails
Rubyonrails Jquery-rails 4.0.1
Rubyonrails Jquery-ujs
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
436
VMScore
CVE-2015-3224
request.rb in Web Console prior to 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote malicious users to bypass the whitelisted_ips protection mechanism via a ...
Rubyonrails Web Console
1 EDB exploit
3 Github repositories
383
VMScore
CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x prior to 4.1.11 and 4.2.x prior to 4.2.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Rubyonrails Ruby On Rails 3.2.14
Rubyonrails Rails 3.0.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.8
Rubyonrails Rails 3.1.0
Rubyonrails Rails 3.2.0
Rubyonrails Rails 3.2.7
Rubyonrails Rails 3.2.8
Rubyonrails Rails 3.2.9
Rubyonrails Rails 3.2.13
Rubyonrails Rails 3.2.15
Rubyonrails Rails 3.2.1
Rubyonrails Rails 3.2.5
Rubyonrails Rails 3.2.6
445
VMScore
CVE-2015-3227
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails prior to 4.1.11 and 4.2.x prior to 4.2.2, when JDOM or REXML is enabled, allow remote malicious users to cause a denial of service (SystemStackError) via a large XML document depth.
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.2.1
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.5
Rubyonrails Rails 4.1.7
Rubyonrails Rails 4.1.8
Rubyonrails Rails 4.1.0
446
VMScore
CVE-2014-7829
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.21, 4.0.x prior to 4.0.12, 4.1.x prior to 4.1.8, and 4.2.x prior to 4.2.0.beta4, when serve_static_assets is enabled, allows remote malicious ...
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Rubyonrails Ruby On Rails 3.2.19
Rubyonrails Ruby On Rails 4.0.11
Rubyonrails Ruby On Rails 3.2.20
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.7
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.9
Rubyonrails Rails 4.1.1
445
VMScore
CVE-2014-3916
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string.
Rubyonrails Rails 1.9.3
Rubyonrails Rails 2.1.0
Rubyonrails Rails 2.0.0
384
VMScore
CVE-2014-7818
Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x prior to 3.2.20, 4.0.x prior to 4.0.11, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.2.0.beta3, when serve_static_assets is enabled, allows remote malicious ...
Rubyonrails Ruby On Rails 3.2.19
Rubyonrails Ruby On Rails 3.0.4
Rubyonrails Rails 3.0.0
Rubyonrails Rails 3.0.1
Rubyonrails Rails 3.0.2
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.0.6
Rubyonrails Rails 4.1.0
Rubyonrails Rails 4.1.2
Rubyonrails Rails 4.1.6
Rubyonrails Rails 4.2.0
Rubyonrails Rails 4.0.7
Rubyonrails Rails 4.0.8
Rubyonrails Rails 4.0.9
Rubyonrails Rails 4.1.1
Rubyonrails Rails 4.1.3
Rubyonrails Rails 4.1.4
Rubyonrails Rails 4.1.5
Rubyonrails Rails 3.0.10
Rubyonrails Rails 3.0.12
605
VMScore
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x prior to 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote malicious users to execute "add data" SQL commands via ve...
Rubyonrails Rails 4.0.0
Rubyonrails Rails 4.0.1
Rubyonrails Rails 4.0.2
Rubyonrails Rails 4.1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »