LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 1.7	CVE-2026-57437	Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime_CVE-2026-57437 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its so...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 1.7	CVE-2026-57436	Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type_CVE-2026-57436 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only th...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 1.7	CVE-2026-57435	Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`_CVE-2026-57435 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 1.7	CVE-2026-57434	Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes_CVE-2026-57434 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain me...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 1.7	CVE-2026-57236	Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception_CVE-2026-57236 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid enco...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 2.6	CVE-2026-57234	Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247_CVE-2026-57234 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 2	CVE-2026-13314	Stored XSS in pretix-digital_CVE-2026-13314 Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.	pretix	pretix-digital	Jun 25, 2026	CVE
LOW 2.2	CVE-2026-57438	Nokogiri: Possible Use-After-Free in XInclude Processing_CVE-2026-57438 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XM...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 2	CVE-2026-56130	Apache Shiro: Remember-me cookie isn’t checked for expiry on the server_CVE-2026-56130 "Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, ...	Apache Software Foundation	Apache Shiro 1.2.4	Jun 25, 2026	CVE
LOW 2.4	CVE-2026-45188	Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling_CVE-2026-45188 Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to u...	Apache Software Foundation	Apache Kvrocks 1.0.0	Jun 25, 2026	CVE