CVE-2023-23913 - DOM-based XSS in rails-ujs via Clipboard API and contenteditable
In February 2023, security researchers discovered a critical DOM-based Cross-Site Scripting (XSS) vulnerability in rails-ujs (Unobtrusive JavaScript adapter for Rails). This issue, tracked as CVE-2023-23913,
CVE-2023-27539 - Denial of Service in Rack Header Parsing – Explained and Exploited
Rack is a core library for handling HTTP requests in Ruby web frameworks like Rails, Sinatra, and others. In March 2023, security researchers discovered CVE-2023-27539,
CVE-2023-38037 - Danger in ActiveSupport::EncryptedFile – How Your Secret Files Could Leak to Other Users
ActiveSupport, part of the popular Rails framework, helps developers keep sensitive data safe by handling encrypted files. But in 2023, a serious security issue was
CVE-2023-28120 - Understanding and Exploiting the ActiveSupport `bytesplice` SafeBuffer Vulnerability
---
Introduction
In March 2023, a security vulnerability in Ruby on Rails' ActiveSupport component caught the attention of developers everywhere. Tagged as CVE-2023-28120, this
CVE-2025-0283 - Ivanti Connect Secure Stack-Based Buffer Overflow Leads to Local Privilege Escalation
This vulnerability is a stack-based buffer overflow, which means an attacker can write more data than expected into a program's memory—potentially overwriting