Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
7.5 HIGH
CVE-2026-57435 — Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Att…

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacin…

nokogiri | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
7.5 HIGH
CVE-2026-57434 — Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper …

nokogiri | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
8.2 HIGH
CVE-2026-57236 — Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exce…

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a n…

nokogiri | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
8.2 HIGH
CVE-2026-57235 — Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's…

nokogiri | Remote | Memory Corruption
Jun 25, 2026 Jun 26, 2026
2.6 LOW
CVE-2026-57234 — Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2…

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-…

nokogiri | Remote | XML External Entity
Jun 25, 2026 Jun 26, 2026
6.9 MEDIUM
CVE-2026-49319 — Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack

Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authenticatio…

Authentication
Jun 25, 2026 Jun 26, 2026
7.8 HIGH

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privi…

Jun 25, 2026 Jun 25, 2026
2.0 LOW
CVE-2026-13314 — Stored XSS in pretix-digital

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.

Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
5.3 MEDIUM
CVE-2026-13225 — Stored XSS in ticket confirmation page

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.

pretix | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
6.3 MEDIUM
CVE-2026-13223 — Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and suppl…

Remote | Authentication
Jun 25, 2026 Jun 25, 2026
6.3 MEDIUM
CVE-2026-13222 — Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply i…

Remote
Jun 25, 2026 Jun 25, 2026
6.5 MEDIUM
CVE-2026-57619 — WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerabili…

Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.

website_builder | Remote | Information Disclosure
Jun 25, 2026 Jun 25, 2026
6.5 MEDIUM
CVE-2026-57429 — WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability

Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.

Remote | Authorization
Jun 25, 2026 Jun 25, 2026
8.7 HIGH
CVE-2026-56122 — Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences …

Remote | Path Traversal
Jun 25, 2026 Jun 25, 2026
7.1 HIGH
CVE-2026-56071 — WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.

forminator | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 25, 2026
7.7 HIGH
CVE-2026-56054 — WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.

Remote | Path Traversal
Jun 25, 2026 Jun 25, 2026
8.8 HIGH
CVE-2026-56053 — WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

eventprime | Remote | Injection
Jun 25, 2026 Jun 26, 2026
7.1 HIGH
CVE-2026-56051 — WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.

tablepress | Remote | Cross-Site Scripting
Jun 25, 2026 Jun 29, 2026
6.5 MEDIUM
CVE-2026-56050 — WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a thr…

product_addons_&_fields_for_woocommerce | Remote | Authorization
Jun 25, 2026 Jun 25, 2026
8.5 HIGH
CVE-2026-56049 — WordPress Post Snippets plugin <= 4.0.19 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.

post_snippets | Remote | Injection
Jun 25, 2026 Jun 25, 2026
Showing 20 of 7990 Results