Oct 10 CVE-2025-61921 (sinatra): Sinatra is vulnerable to ReDoS through ETag header value generation
Oct 10 CVE-2025-61919 (rack): Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing
Oct 07 CVE-2025-61772 (rack): Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)
Oct 07 CVE-2025-61771 (rack): Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)
Oct 07 CVE-2025-61770 (rack): Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
Oct 07 CVE-2025-61594 (uri): CVE-2025-61594 - URI Credential Leakage Bypass over CVE-2025-27221
Sep 25 CVE-2025-59830 (rack): Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters
Aug 29 CVE-2025-58067 (google_sign_in): Google Sign-In for Rails allowed redirect to protocol-relative URI