Lucene search
K

694 matches found

Photon
Photon
added 2026/06/30 12:0 a.m.12 views

Important Photon OS Security Update - PHSA-2026-5.0-0911

Updates of 'rubygem-faraday', 'python3-mistune', 'rubygem-nokogiri', 'python3-urllib3' packages of Photon OS have been released...

2.6CVSS5.9AI score0.00166EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/29 8:44 a.m.8 views

CVE-2026-57436

A flaw was found in Nokogiri, an open-source library used for processing XML and HTML documents. This vulnerability occurs due to insufficient validation when setting the document's root element, allowing a malicious document to trigger a memory error. This can lead to a heap use-after-free,...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 8:44 a.m.6 views

CVE-2026-57434

A flaw was found in Nokogiri, an open source XML and HTML library for the Ruby programming language. A remote attacker could exploit this vulnerability by calling specific methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This could lead to a NUL...

7.5CVSS5.8AI score0.00357EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 8:43 a.m.5 views

CVE-2026-57235

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability allows an attacker to trigger an out-of-bounds read by providing a specially crafted large negative index to certain methods. This can lead to a denial of service DoS by crashing the application on CRuby, or by...

8.2CVSS5.8AI score0.00331EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 8:39 a.m.6 views

CVE-2026-57435

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This use-after-free vulnerability occurs when replacing the value of an XML attribute. If a Ruby wrapper already points to the attribute's child node, the underlying native child node can be freed while the wrapper remains accessible...

7.5CVSS5.7AI score0.00357EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by...

6.6CVSS6AI score0.00093EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default f...

4.3CVSS6.7AI score0.01109EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the...

8.2CVSS6AI score0.00331EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-57437

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document...

6.3CVSS6.1AI score0.00312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-57436

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new roo...

6.3CVSS6AI score0.00312EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri's CRuby native extension could leave a Ruby wrapper...

7.5CVSS6.1AI score0.00357EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on...

7.5CVSS6AI score0.00357EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-57236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a...

8.2CVSS6AI score0.00331EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 9:31 p.m.9 views

CVE-2026-57234

A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...

4.8CVSS5.6AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 9:25 p.m.8 views

CVE-2026-57437

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability occurs when an application directly constructs an XPathContext and allows its associated document to be garbage collected while the context is still in use. An attacker could potentially exploit this by causing the...

6.3CVSS5.6AI score0.00312EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 11:9 a.m.11 views

CVE-2026-57438

A flaw was found in Nokogiri, an XML and HTML library for the Ruby programming language. When performing XInclude substitutions, the library prematurely frees memory associated with nodes and namespaces. If an application has exposed these freed objects to Ruby, a local attacker could potentially...

6.6CVSS5.7AI score0.00093EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 5:1 p.m.6 views

CVE-2026-57236

A flaw was found in Nokogiri, an XML and HTML library for Ruby. When an attacker provides an invalid encoding to the Documentencoding= function, the library frees the document's current encoding string without replacing it. This leaves the document referencing freed memory, which can lead to a...

8.2CVSS5.7AI score0.00331EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 4:16 p.m.10 views

CVE-2026-57438

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

6.6CVSS0.00093EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 4:16 p.m.4 views

UBUNTU-CVE-2026-57438

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57435

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

7.5CVSS0.00357EPSS
Exploits0References1
Rows per page
Query Builder