Lucene search
K
VulnrichmentRecent

161699 matches found

Vulnrichment
Vulnrichment
•added 2026/06/25 2:31 p.m.•7 views

CVE-2026-57235 Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:30 p.m.•10 views

CVE-2026-57234 Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS5.8AI score0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:29 p.m.•7 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS5.9AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:29 p.m.•6 views

CVE-2026-57236 Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:26 p.m.•6 views

CVE-2026-13225 Stored XSS in ticket confirmation page

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:11 p.m.•8 views

CVE-2026-49319 Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack

Remote Keyless Entry System RKES, using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication. An attacker within RF range who records two consecutive lock or unlock transmissions from a...

6.9CVSS5.9AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 2:11 p.m.•6 views

CVE-2026-57534 Stored XSS in pretix-pages

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:8 p.m.•8 views

CVE-2026-57536 Insufficient validation of payment status in pretix-mollie

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:7 p.m.•6 views

CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 2:3 p.m.•5 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:53 p.m.•9 views

CVE-2026-13314 Stored XSS in pretix-digital

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS5.8AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:49 p.m.•5 views

CVE-2026-6432 Improper bounds validation in EmberZNet SDK

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage...

5.3CVSS5.8AI score0.00308EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:48 p.m.•5 views

CVE-2026-46735

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

7.8CVSS5.9AI score0.00693EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:47 p.m.•7 views

CVE-2026-57587 SQL Injection in Nessus via Reverse DNS Lookup

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

6.3CVSS5.9AI score0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:47 p.m.•8 views

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6CVSS5.9AI score0.00304EPSS
Exploits2References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:43 p.m.•8 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.3CVSS5.9AI score0.00064EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:43 p.m.•6 views

CVE-2026-47154 Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:42 p.m.•7 views

CVE-2026-47153 Level Control Step With On/Off divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:41 p.m.•12 views

CVE-2026-47152 Level Control Move divide-by-zero in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:40 p.m.•6 views

CVE-2026-47151 Door Lock ClearWeekdaySchedule invalid table index and write in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:39 p.m.•6 views

CVE-2026-47150 IAS Zone enroll invalid table index and write in EmberZNet 9.0.2

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:38 p.m.•17 views

CVE-2026-47149 Door Lock GetUserType invalid table index in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devic...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:37 p.m.•8 views

CVE-2026-47148 Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:36 p.m.•7 views

CVE-2026-46732

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization 'Race Condition' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

6.7CVSS5.9AI score0.00075EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:36 p.m.•7 views

CVE-2026-47147 OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:35 p.m.•10 views

CVE-2026-47146 Color Control color-temperature assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:34 p.m.•7 views

CVE-2026-47145 Color Control hue/saturation assertion abort in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:34 p.m.•10 views

CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:34 p.m.•9 views

CVE-2026-56122 Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS6AI score0.00377EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/25 1:32 p.m.•9 views

CVE-2026-4526 Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:28 p.m.•9 views

CVE-2026-41120

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

9.8CVSS6AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:27 p.m.•10 views

CVE-2026-2815 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
Vulnrichment
Vulnrichment
•added 2026/06/25 1:26 p.m.•8 views

CVE-2026-54848 WordPress APIExperts Square for WooCommerce plugin <= 4.7.3 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:23 p.m.•5 views

CVE-2026-49506

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

7.2CVSS5.9AI score0.00548EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:17 p.m.•8 views

CVE-2026-46733

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:17 p.m.•6 views

CVE-2026-54836 WordPress Filter & Grids plugin <= 3.11.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:16 p.m.•7 views

CVE-2026-42389 Reject more queries with invalid header values

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...

5.3CVSS5.8AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•8 views

CVE-2026-12755

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2...

5.8AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•7 views

CVE-2026-57429 WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability

Contributor Broken Access Control in Slim SEO = 4.6.2 versions...

6.5CVSS5.8AI score0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•9 views

CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

7.7CVSS5.8AI score0.0045EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•7 views

CVE-2026-56053 WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•5 views

CVE-2026-56051 WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in TablePress = 3.3.1 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•8 views

CVE-2026-56049 WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

8.5CVSS5.9AI score0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•7 views

CVE-2026-56023 WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

5.4CVSS5.9AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•12 views

CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce = 4.0.9 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•7 views

CVE-2026-56014 WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•6 views

CVE-2026-56013 WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in License Manager for WooCommerce = 3.0.15 versions...

6.5CVSS5.8AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•8 views

CVE-2026-56005 WordPress WP Activity Log plugin <= 5.6.3.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in WP Activity Log = 5.6.3.1 versions...

7.1CVSS5.8AI score0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•7 views

CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce = 1.1.11 versions...

9.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/25 1:12 p.m.•7 views

CVE-2026-54845 WordPress MDTF plugin <= 1.3.8 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References1
Total number of security vulnerabilities161699