Where
-Infinity
0

Trending

Last week
Last month
Last year

rubygems/rackRack: Header injection in multipart requests

Risk 40
Severity
6.5
First published (updated )
CVE-2026-26962

rubygems/rackRack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass.

Risk 40
Severity
6.5
First published (updated )
CVE-2026-34835

rubygems/rackRack: Algorithmic-Complexity DoS in Rack::Multipart::Parser

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34827

rubygems/rackRack: Forwarded Header semicolon injection enables Host and Scheme spoofing

Risk 40
Severity
6.5
First published (updated )
CVE-2026-32762

rubygems/rackRack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads through nginx

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34830
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rackRack: Denial of Service via Unbounded Multipart File Upload Without Content-Length

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34829

rubygems/rackRack: Unbounded Range Count in get_byte_ranges Enables DoS

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34826

rubygems/rackRack: Rack::Static header_rules bypass via URL-encoded paths

Risk 27
Severity
5.3
First published (updated )
CVE-2026-34786

rubygems/rackRack: Local file inclusion in `Rack::Static` via URL Prefix Matching

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34785

rubygems/rackRack: Rack::Directory info disclosure and DoS via unescaped regex interpolation

Risk 27
Severity
5.3
First published (updated )
CVE-2026-34763
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rackRack: Content-Length mismatch in Rack::Files error responses

Risk 40
Severity
6.5
First published (updated )
CVE-2026-34831

rubygems/rackRack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass

Risk 27
Severity
5.3
First published (updated )
CVE-2026-26961

rubygems/rackRack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Risk 43
Severity
7.5
First published (updated )
CVE-2026-34230

rubygems/rackRack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href

Risk 25
Severity
5.4
EPSS
0.03%
First published (updated )
CVE-2026-25500

rubygems/rackRack has a Directory Traversal via Rack:Directory

Risk 43
Severity
7.5
First published (updated )
CVE-2026-22860
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rackRack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61919

rubygems/rackRack has Possible Information Disclosure Vulnerability

Risk 31
Severity
5.8
First published (updated )
CVE-2025-61780

Rack Rack RubyRack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion)

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61772

Rack Rack RubyRack's multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion)

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61771

Rack Rack RubyRack's unbounded multipart preamble buffering enables DoS (memory exhaustion)

Risk 43
Severity
7.5
First published (updated )
CVE-2025-61770
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Rack RackRack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters

Risk 43
Severity
7.5
First published (updated )
CVE-2025-59830

rubygems/rackUnbounded-Parameter DoS in Rack::QueryParser

Risk 31
Severity
7.5
EPSS
1.09%
First published (updated )
CVE-2025-46727

rubygems/rackLocal File Inclusion in Rack::Static

Risk 31
Severity
7.5
EPSS
0.07%
First published (updated )
CVE-2025-27610

rubygems/rackPossible Denial of Service Vulnerability in Rack Header Parsing

Risk 31
Severity
7.5
EPSS
0.04%
First published (updated )
CVE-2024-26146

rubygems/rackPossible DoS Vulnerability with Range Header in Rack

Risk 31
Severity
7.5
EPSS
0.04%
First published (updated )
CVE-2024-26141
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

rubygems/rackRack ReDos in content type parsing (2nd degree polynomial)

Risk 31
Severity
7.5
EPSS
0.04%
First published (updated )
CVE-2024-25126

rubygems/rackLast updated 26 September 2024

Risk 45
Severity
7.5
First published (updated )
CVE-2022-44571

rubygems/rackLast updated 26 September 2024

Risk 45
Severity
7.5
First published (updated )
CVE-2022-44570

rubygems/rackLast updated 26 September 2024

Risk 45
Severity
7.5
First published (updated )
CVE-2022-44572

redhat/ansible-runnerPossible Information Leak / Session Hijack Vulnerability in Rack

Risk 38
Severity
6.3
First published (updated )
CVE-2019-16782
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203