Lucene search
K

364045 matches found

NVD
NVD
•added 2026/06/25 3:16 p.m.•9 views

CVE-2026-57436

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS0.00312EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•8 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS0.00312EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•10 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS0.0033EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•10 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS0.00166EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•9 views

CVE-2026-57434

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could...

7.5CVSS0.00357EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•8 views

CVE-2026-57236

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

8.2CVSS0.00331EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•9 views

CVE-2026-57235

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

8.2CVSS0.00331EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•10 views

CVE-2026-49319

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

6.9CVSS0.0024EPSS
Exploits0References2
NVD
NVD
•added 2026/06/25 3:16 p.m.•7 views

CVE-2026-46735

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

7.8CVSS0.00693EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•9 views

CVE-2026-13222

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•8 views

CVE-2026-13225

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS0.00345EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•11 views

CVE-2026-13314

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS0.0033EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 3:16 p.m.•8 views

CVE-2026-13223

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•17 views

CVE-2026-57619

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

6.5CVSS0.0027EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•8 views

CVE-2026-57429

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

6.5CVSS0.00248EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-56053

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS0.00391EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-56071

Unauthenticated Cross Site Scripting XSS in Forminator = 1.53.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•8 views

CVE-2026-56122

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS0.00377EPSS
Exploits0References3
NVD
NVD
•added 2026/06/25 2:16 p.m.•7 views

CVE-2026-56054

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS0.0045EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-56051

Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-56014

Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-56049

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

8.5CVSS0.00351EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-56006

Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-56023

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

5.4CVSS0.00203EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•8 views

CVE-2026-56050

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-56042

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•8 views

CVE-2026-56013

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

6.5CVSS0.00235EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•7 views

CVE-2026-56005

Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...

7.1CVSS0.0023EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-54848

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS0.00182EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•7 views

CVE-2026-54849

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

9.3CVSS0.00229EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-54843

Unauthenticated SQL Injection in MDTF = 1.3.7 versions...

9.3CVSS0.00229EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-54845

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

8.1CVSS0.00274EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•7 views

CVE-2026-54842

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25...

8.1CVSS0.00195EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•8 views

CVE-2026-54841

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS0.00294EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•8 views

CVE-2026-54844

Unauthenticated Broken Access Control in CheckView Automated Testing = 2.1.0 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•4 views

CVE-2026-54836

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS0.00229EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•4 views

CVE-2026-54829

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005...

7.5CVSS0.00195EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•4 views

CVE-2026-54838

Subscriber SQL Injection in WC Vendors Marketplace = 2.6.8 versions...

8.5CVSS0.0027EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-54830

Unauthenticated Broken Access Control in Five Star Restaurant Reservations = 2.7.19 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-54822

Subscriber SQL Injection in SALESmanago & Leadoo = 3.11.2 versions...

8.5CVSS0.0027EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-54828

Unauthenticated Broken Access Control in Motors = 1.4.109 versions...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-54821

Subscriber Sensitive Data Exposure in Visual Link Preview = 2.3.1 versions...

7.4CVSS0.00264EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS0.00426EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•7 views

CVE-2026-52690

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail...

5.9CVSS0.00352EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-49506

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

7.2CVSS0.00548EPSS
Exploits0References1
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-4526

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS0.00249EPSS
Exploits0References2
NVD
NVD
•added 2026/06/25 2:16 p.m.•6 views

CVE-2026-47152

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-47151

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...

7.1CVSS0.00217EPSS
Exploits0References2
NVD
NVD
•added 2026/06/25 2:16 p.m.•7 views

CVE-2026-47153

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS0.00249EPSS
Exploits0References2
NVD
NVD
•added 2026/06/25 2:16 p.m.•5 views

CVE-2026-47154

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS0.00249EPSS
Exploits0References2
Total number of security vulnerabilities364045