Whoops, I couldn't find that page - RubySec

You may want to try a search above, or [visit the homepage](/). Also, here are some recent posts:

Feb 10

GHSA-q66h-m87m-j2q6 (bitcoinrb): Bitcoinrb Vulnerable to Command injection via RPC

posted in •

Feb 09

CVE-2026-25765 (faraday): Faraday affected by SSRF via protocol-relative URL host override in build_exclusive_url

posted in •

Feb 06

GHSA-w67g-2h6v-vjgq (phlex): Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values

posted in •

Feb 05

GHSA-p6pv-q7rc-g4h9 (spree_storefront): Unauthenticated Spree Commerce users can view completed guest orders by Order ID

posted in •

Feb 05

GHSA-87fh-rc96-6fr6 (spree_api): Unauthenticated Spree Commerce users can access all guest addresses

posted in •

Feb 05

CVE-2026-25758 (spree_api): Unauthenticated Spree Commerce users can access all guest addresses

posted in •

Feb 05

CVE-2026-25757 (spree_storefront): Unauthenticated Spree Commerce users can view completed guest orders by Order ID

posted in •

Feb 03

CVE-2025-65017 (decidim): Decidim's private data exports can lead to data leaks

posted in •

Feb 02

CVE-2026-1531 (foreman_kubevirt): foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set

posted in •

Feb 02

CVE-2026-1530 (fog-kubevirt): fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation

posted in •