Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how rack compares to other vendors in security performance

View Risk Score →

rubygems/rack-sessionRack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization

Risk 86
Severity
9.3
First published (updated )
CVE-2026-39324

rubygems/rackRack: Header injection in multipart requests

Risk 40
Severity
6.5
First published (updated )
CVE-2026-26962

rubygems/rackRack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.

Risk 40
Severity
6.5
First published (updated )
CVE-2026-34835

rubygems/rackRack: Algorithmic-Complexity DoS in Rack::Multipart::Parser

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34827

rubygems/rackRack: Forwarded Header semicolon injection enables Host and Scheme spoofing

Risk 40
Severity
6.5
First published (updated )
CVE-2026-32762
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rackRack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads through nginx

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34830

rubygems/rackRack: Denial of Service via Unbounded Multipart File Upload Without Content-Length

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34829

rubygems/rackRack: Unbounded Range Count in get_byte_ranges Enables DoS

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34826

rubygems/rackRack: Rack::Static header_rules bypass via URL-encoded paths

Risk 27
Severity
5.3
First published (updated )
CVE-2026-34786

rubygems/rackRack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34785
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rackRack: Rack::Directory info disclosure and DoS via unescaped regex interpolation

Risk 27
Severity
5.3
First published (updated )
CVE-2026-34763

rubygems/rackRack: Content-Length mismatch in Rack::Files error responses

Risk 40
Severity
6.5
First published (updated )
CVE-2026-34831

rubygems/rackRack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass

Risk 27
Severity
5.3
First published (updated )
CVE-2026-26961

rubygems/rackRack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34230

rubygems/rackRack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )
CVE-2026-25500
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rackRack has a Directory Traversal via Rack:Directory

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22860

Rack RackRack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Req…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2403180

rubygems/rackRack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61919

rubygems/rackRack has Possible Information Disclosure Vulnerability

Risk 31
Severity
5.8
First published (updated )
CVE-2025-61780

Rack RackRack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2402200
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Rack Rack RubyRack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61772

Rack RackRack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::…

Risk 33
Severity
7
First published (updated )
REDHAT-BUG-2402174

Rack Rack RubyRack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61771

Rack Rack RubyRack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61770

Rack RackRack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2398167
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Rack RackRack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

Risk 43
Severity
7.5
First published (updated )
CVE-2025-59830

Rack RackReDoS Vulnerability in Rack::Multipart handle_mime_head

Risk 28
Severity
6.6
EPSS
0.06%
First published (updated )
CVE-2025-49007

rubygems/rackUnbounded-Parameter DoS in Rack::QueryParser

Risk 31
Severity
7.5
EPSS
1.09%
First published (updated )
CVE-2025-46727

Rack RackRack session gets restored after deletion

Risk 29
Severity
4.2
First published (updated )
CVE-2025-32441

rubygems/rackLocal File Inclusion in Rack::Static

Risk 31
Severity
7.5
EPSS
0.07%
First published (updated )
CVE-2025-27610
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203