Feb 02 CVE-2026-1531 (foreman_kubevirt): foreman_kubevirt disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set
Feb 02 CVE-2026-1530 (fog-kubevirt): fog-kubevirt allows remote attacker to perform MITM attack due to disabled certificate validation
Jan 21 CVE-2026-23885 (alchemy_cms): AlchemyCMS - Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper
Jan 13 CVE-2025-68271 (openc3): openc3-api Vulnerable to Unauthenticated Remote Code Execution
Jan 08 GHSA-96qw-h329-v5rg (shakapacker): Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles
Jan 08 CVE-2026-22588 (spree_api): Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification
Dec 31 GHSA-g9jg-w8vm-g96v (action_text-trix): Trix has a stored XSS vulnerability through its attachment attribute
Dec 23 CVE-2025-68696 (httparty): httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
Dec 18 CVE-2025-14762 (aws-sdk-s3): AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue