Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's…
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-…
Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would d…
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a n…
Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.
Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authenticatio…
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a…
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply i…
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and suppl…
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privi…
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potent…
A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potential…
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit …
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a dev…
In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw…
In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the netw…
In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages …