| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-3756 | Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 | ABB | AC800M (System 800xA) | Medium | 6.5 | 2026-04-13 17:11:08 |
| CVE-2026-39324 | Rack::Session::Cookie secrets: decrypt failure fallback enables secretless session forgery and Marshal deserialization | rack | rack-session | - | - | 2026-04-07 18:13:29 |
| CVE-2026-26962 | Rack: Header injection in multipart requests | rack | rack | Medium | 4.8 | 2026-04-02 17:10:17 |
| CVE-2026-34835 | Rack: `Rack::Request` accepts invalid Host characters, enabling host allowlist bypass. | rack | rack | Medium | 4.8 | 2026-04-02 17:09:07 |
| CVE-2026-34827 | Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser | rack | rack | High | 7.5 | 2026-04-02 17:07:48 |
| CVE-2026-32762 | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing | rack | rack | Medium | 4.8 | 2026-04-02 17:06:51 |
| CVE-2026-34830 | Rack: Rack::Sendfile regex injection via HTTP_X_ACCEL_MAPPING header allows arbitrary file reads through nginx | rack | rack | Medium | 5.9 | 2026-04-02 16:47:40 |
| CVE-2026-34829 | Rack: Denial of Service via Unbounded Multipart File Upload Without Content-Length | rack | rack | High | 7.5 | 2026-04-02 16:46:47 |
| CVE-2026-34826 | Rack: Unbounded Range Count in get_byte_ranges Enables DoS | rack | rack | Medium | 5.3 | 2026-04-02 16:45:54 |
| CVE-2026-34786 | Rack: Rack::Static header_rules bypass via URL-encoded paths | rack | rack | Medium | 5.3 | 2026-04-02 16:45:00 |
| CVE-2026-34785 | Rack: Local file inclusion in `Rack::Static` via URL Prefix Matching | rack | rack | High | 7.5 | 2026-04-02 16:44:17 |
| CVE-2026-34763 | Rack: Rack::Directory info disclosure and DoS via unescaped regex interpolation | rack | rack | Medium | 5.3 | 2026-04-02 16:43:42 |
| CVE-2026-34831 | Rack: Content-Length mismatch in Rack::Files error responses | rack | rack | Medium | 4.8 | 2026-04-02 16:43:09 |
| CVE-2026-26961 | Rack: Multipart Boundary Parsing Ambiguity allowing WAF Bypass | rack | rack | Low | 3.7 | 2026-04-02 16:42:17 |
| CVE-2026-34230 | Rack: Quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header | rack | rack | Medium | 5.3 | 2026-04-02 16:41:21 |
| CVE-2026-25500 | Rack's Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href | rack | rack | Medium | 5.4 | 2026-02-18 18:59:32 |
| CVE-2026-22860 | Rack has a Directory Traversal via Rack:Directory | rack | rack | High | 7.5 | 2026-02-18 18:45:02 |
| CVE-2025-61919 | Rack is vulnerable to a memory-exhaustion DoS through unbounded URL-encoded body parsing | rack | rack | High | 7.5 | 2025-10-10 19:22:42 |
| CVE-2025-61780 | Rack has Possible Information Disclosure Vulnerability | rack | rack | Medium | 5.8 | 2025-10-10 16:53:58 |
| CVE-2025-61772 | Rack's multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion) | rack | rack | High | 7.5 | 2025-10-07 15:02:10 |