CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 1.7	CVE-2026-57434	Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes_CVE-2026-57434 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain me...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 1.7	CVE-2026-57236	Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception_CVE-2026-57236 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid enco...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-57235	Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`_CVE-2026-57235 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 2.6	CVE-2026-57234	Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247_CVE-2026-57234 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-49319	Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack_CVE-2026-49319 Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a rol...	Alps Electric Co., Ltd.	Remote Keyless Entry System (RKES) R53R0 R53R0	Jun 25, 2026	CVE
HIGH 7.8	CVE-2026-46735	CVE-2026-46735_CVE-2026-46735 Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command...	Dell	Display and Peripheral Manager	Jun 25, 2026	CVE
LOW 2	CVE-2026-13314	Stored XSS in pretix-digital_CVE-2026-13314 Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.	pretix	pretix-digital	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-13225	Stored XSS in ticket confirmation page_CVE-2026-13225 Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page fo...	pretix	pretix	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-13223	Insufficient validation of payment status in pretix-computop_CVE-2026-13223 Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successfu...	pretix	pretix-computop	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-13222	Insufficient validation of payment status in pretix-oppwa_CVE-2026-13222 Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful p...	pretix	pretix-oppwa	Jun 25, 2026	CVE