Every CVE whose affected-product data names Phusion Passenger, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2018-12026 — CVSS 9.8 (critical): During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such…
CVE-2018-12027 — CVSS 8.8 (high): An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following…
CVE-2018-12028 — CVSS 7.8 (high): An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious…
CVE-2016-10345 — CVSS 7.8 (high): In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local…
CVE-2012-6135 — CVSS 7.5 (high): RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
CVE-2018-12029 — CVSS 7.0 (high): A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a…
CVE-2025-26803 — CVSS 5.3 (medium): The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an…
CVE-2018-12615 — CVSS 5.3 (medium): An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups…
CVE-2017-16355 — CVSS 4.7 (medium): In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if…
CVE-2013-2119 — CVSS 4.6 (medium): Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application…
CVE-2013-4136 — CVSS 4.4 (medium): ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the…
CVE-2014-1832 — CVSS 2.1 (low): Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a…
CVE-2014-1831 — CVSS 2.1 (low): Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1)…