Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

20735
Total
1498
Critical
6296
High
6574
Medium
CVE ID Severity Score Description Published
CVE-2026-12844 HIGH 7.5 List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a … Jun 25, 2026
CVE-2026-6432 UNKNOWN Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage. Jun 25, 2026
CVE-2026-57588 LOW 3.3 A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious … Jun 25, 2026
CVE-2026-57587 MEDIUM 5.3 A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into … Jun 25, 2026
CVE-2026-57536 UNKNOWN Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and … Jun 25, 2026
CVE-2026-57535 UNKNOWN Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to … Jun 25, 2026
CVE-2026-57534 UNKNOWN Malicious HTML content could be injected into the content of a page in the pretix-pages plugin. Jun 25, 2026
CVE-2026-57533 UNKNOWN Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this … Jun 25, 2026
CVE-2026-57532 UNKNOWN Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the … Jun 25, 2026
CVE-2026-57437 UNKNOWN Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive … Jun 25, 2026
CVE-2026-57436 UNKNOWN Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was … Jun 25, 2026
CVE-2026-57435 UNKNOWN Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby … Jun 25, 2026
CVE-2026-57434 UNKNOWN Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods … Jun 25, 2026
CVE-2026-57236 UNKNOWN Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a … Jun 25, 2026
CVE-2026-57235 UNKNOWN Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested … Jun 25, 2026
CVE-2026-57234 LOW 2.6 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on … Jun 25, 2026
CVE-2026-49319 MEDIUM 6.5 Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a … Jun 25, 2026
CVE-2026-46735 HIGH 7.8 Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command … Jun 25, 2026
CVE-2026-13314 UNKNOWN Malicious HTML content could be injected into the content rendered by the pretix-digital plugin. Jun 25, 2026
CVE-2026-13225 UNKNOWN Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets … Jun 25, 2026
CVE-2026-13223 UNKNOWN Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one … Jun 25, 2026
CVE-2026-13222 UNKNOWN Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one … Jun 25, 2026
CVE-2026-57619 MEDIUM 6.5 Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions. Jun 25, 2026
CVE-2026-57429 MEDIUM 6.5 Contributor Broken Access Control in Slim SEO <= 4.6.2 versions. Jun 25, 2026
CVE-2026-56122 HIGH 7.5 Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash … Jun 25, 2026