Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
20735
Total
1498
Critical
6296
High
6574
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12844 | HIGH | 7.5 | List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a … | Jun 25, 2026 |
| CVE-2026-6432 | UNKNOWN | — | Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage. | Jun 25, 2026 |
| CVE-2026-57588 | LOW | 3.3 | A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious … | Jun 25, 2026 |
| CVE-2026-57587 | MEDIUM | 5.3 | A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into … | Jun 25, 2026 |
| CVE-2026-57536 | UNKNOWN | — | Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and … | Jun 25, 2026 |
| CVE-2026-57535 | UNKNOWN | — | Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to … | Jun 25, 2026 |
| CVE-2026-57534 | UNKNOWN | — | Malicious HTML content could be injected into the content of a page in the pretix-pages plugin. | Jun 25, 2026 |
| CVE-2026-57533 | UNKNOWN | — | Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this … | Jun 25, 2026 |
| CVE-2026-57532 | UNKNOWN | — | Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the … | Jun 25, 2026 |
| CVE-2026-57437 | UNKNOWN | — | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive … | Jun 25, 2026 |
| CVE-2026-57436 | UNKNOWN | — | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was … | Jun 25, 2026 |
| CVE-2026-57435 | UNKNOWN | — | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby … | Jun 25, 2026 |
| CVE-2026-57434 | UNKNOWN | — | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods … | Jun 25, 2026 |
| CVE-2026-57236 | UNKNOWN | — | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a … | Jun 25, 2026 |
| CVE-2026-57235 | UNKNOWN | — | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested … | Jun 25, 2026 |
| CVE-2026-57234 | LOW | 2.6 | Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on … | Jun 25, 2026 |
| CVE-2026-49319 | MEDIUM | 6.5 | Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a … | Jun 25, 2026 |
| CVE-2026-46735 | HIGH | 7.8 | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command … | Jun 25, 2026 |
| CVE-2026-13314 | UNKNOWN | — | Malicious HTML content could be injected into the content rendered by the pretix-digital plugin. | Jun 25, 2026 |
| CVE-2026-13225 | UNKNOWN | — | Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets … | Jun 25, 2026 |
| CVE-2026-13223 | UNKNOWN | — | Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one … | Jun 25, 2026 |
| CVE-2026-13222 | UNKNOWN | — | Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one … | Jun 25, 2026 |
| CVE-2026-57619 | MEDIUM | 6.5 | Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions. | Jun 25, 2026 |
| CVE-2026-57429 | MEDIUM | 6.5 | Contributor Broken Access Control in Slim SEO <= 4.6.2 versions. | Jun 25, 2026 |
| CVE-2026-56122 | HIGH | 7.5 | Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash … | Jun 25, 2026 |