Total CVEs

145,779

Critical Severity

4,273

High Severity

15,744

Last 7 Days

2,233
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 6,081 - 6,100 of 42,184 CVEs
CVE-2026-57435 HIGH - 7.5

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiriโ€™s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri:...

Vendor: sparklemotion
Product: nokogiri
Published: Jun 25, 2026
Source: NVD
CVE-2026-57434 HIGH - 7.5

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could cras...

Vendor: sparklemotion
Product: nokogiri
Published: Jun 25, 2026
Source: NVD
CVE-2026-57236 HIGH - 8.2

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string wit...

Vendor: sparklemotion
Product: nokogiri
Published: Jun 25, 2026
Source: NVD
CVE-2026-57235 HIGH - 8.2

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check ...

Vendor: sparklemotion
Product: nokogiri
Published: Jun 25, 2026
Source: NVD

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with def...

Vendor: sparklemotion
Product: nokogiri
Published: Jun 25, 2026
Source: NVD
CVE-2026-49319 MEDIUM - 6.5

Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.ย  An attacker within RF range who records two consecutive lock or unlock transmissions from a le...

Vendor: Alps Electric Co., Ltd.
Product: Remote Keyless Entry System (RKES) R53R0
Published: Jun 25, 2026
Source: NVD
CVE-2026-46735 HIGH - 7.8

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to C...

Vendor: Dell
Product: Display and Peripheral Manager
Published: Jun 25, 2026
Source: NVD

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.

Vendor: pretix
Product: pretix-digital
Published: Jun 25, 2026
Source: NVD

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.

Vendor: pretix
Product: pretix
Published: Jun 25, 2026
Source: NVD

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one ...

Vendor: pretix
Product: pretix-computop
Published: Jun 25, 2026
Source: NVD

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one pay...

Vendor: pretix
Product: pretix-oppwa
Published: Jun 25, 2026
Source: NVD
CVE-2026-57619 MEDIUM - 6.5

Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.

Vendor: Elementor
Product: Elementor Website Builder
Published: Jun 25, 2026
Source: NVD
CVE-2026-57429 MEDIUM - 6.5

Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.

Vendor: eLightUp
Product: Slim SEO
Published: Jun 25, 2026
Source: NVD
CVE-2026-56122 HIGH - 7.5

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse ...

Vendor: rickknowles
Product: Winstone Servlet Container
Published: Jun 25, 2026
Source: NVD
CVE-2026-56071 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.

Vendor: WPMU DEV
Product: Forminator
Published: Jun 25, 2026
Source: NVD
CVE-2026-56054 HIGH - 7.7

Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.

Vendor: Ahmad
Product: JS Help Desk
Published: Jun 25, 2026
Source: NVD
CVE-2026-56053 HIGH - 8.8

Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

Vendor: EventPrime
Product: EventPrime
Published: Jun 25, 2026
Source: NVD
CVE-2026-56051 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.

Vendor: TablePress
Product: TablePress
Published: Jun 25, 2026
Source: NVD
CVE-2026-56050 MEDIUM - 6.5

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.

Vendor: Themeisle
Product: PPOM for WooCommerce
Published: Jun 25, 2026
Source: NVD
CVE-2026-56049 HIGH - 8.5

Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.

Vendor: Post Snippets
Product: Post Snippets
Published: Jun 25, 2026
Source: NVD