| CVE-2026-33658 |
medium |
6.5 |
6.5 |
|
|
|
2mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte … |
| CVE-2026-33173 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the clien… |
| CVE-2026-33174 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, th… |
| CVE-2026-33202 |
medium |
— |
5.5 |
|
|
|
2mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys dir… |
