Vulnerabilities in rails

45 results
CVE-2024-47889 | MEDIUM | Action Mailer has possible ReDoS vulnerability in block_format | EPSS 0.9%
CVE-2023-28120 | MEDIUM | There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. | EPSS 0.9%
CVE-2022-23518 | MEDIUM | Improper neutralization of data URIs allows XSS in rails-html-sanitizer | EPSS 0.9%
CVE-2024-28103 | MEDIUM | Action Pack is missing security headers on non-HTML responses | EPSS 0.7%
CVE-2026-33202 | MEDIUM | Rails Active Storage has possible glob injection in its DiskService | EPSS 0.6%
CVE-2023-23913 | MEDIUM | There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are as | EPSS 0.6%
CVE-2026-33176 | MEDIUM | Rails Active Support has a possible DoS vulnerability in its number helpers | EPSS 0.6%
CVE-2026-33174 | MEDIUM | Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests | EPSS 0.6%
CVE-2026-33195 | HIGH | Rails Active Storage has possible Path Traversal in DiskService | EPSS 0.6%
CVE-2024-53985 | LOW | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | EPSS 0.6%
CVE-2025-55193 | LOW | Active Record logging vulnerable to ANSI escape injection | EPSS 0.5%
CVE-2023-27531 | MEDIUM | There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code | EPSS 0.5%
CVE-2026-33168 | LOW | Rails has a possible XSS vulnerability in its Action View tag helpers | EPSS 0.5%
CVE-2026-33169 | MEDIUM | Rails Active Support has a possible ReDoS vulnerability in number_to_delimited | EPSS 0.5%
CVE-2024-53989 | LOW | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | EPSS 0.5%
CVE-2024-53986 | LOW | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | EPSS 0.5%
CVE-2026-33658 | LOW | Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests | EPSS 0.4%
CVE-2024-32464 | MEDIUM | ActionText ContentAttachment can Contain Unsanitized HTML | EPSS 0.4%
CVE-2024-53988 | LOW | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | EPSS 0.4%
CVE-2024-53987 | LOW | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 | EPSS 0.4%