20 matches found

OSV
added 3 days ago, 7 views

ROOT-APP-NPM-CVE-2026-0540 CVE-2026-0540 in @rootio/dompurify - Patched by Root

Root has patched CVE-2026-0540 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.1 CVSS, 7.2 AI score, 0.00284 EPSS
Exploits 0

IBM Security Bulletins
added 2026/06/10 12:21 p.m., 6 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540

Summary IBM Maximo Scheduler Optimizer uses dompurify-3.2.4.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3...

6.1 CVSS, 7.4 AI score, 0.00284 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2026/06/09 3:22 p.m., 7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in dompurify-3.2.6.tgz Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization...

6.1 CVSS, 7.4 AI score, 0.00284 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2026/06/03 7:19 a.m., 16 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses pytest-9.0.2-py3-none-any.whl, WebSphere Application Server Liberty, dompurify-3.2.7.tgz, requests-2.32.5-py3-none-any.whl, yaml-1.10.2.tgz, brace-expansion-1.1.12.tgz and dompurify-3.3.2.tgz which are vulnerable to CVE-2025-71176, CVE-2025-14923,...

9.8 CVSS, 6.9 AI score, 0.00469 EPSS
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2026/05/18 4:41 p.m., 12 views

Security Bulletin: Cross-site scripting, authentication bypass by spoofing, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service

Summary IBM Storage Defender - Resiliency Service is vulnerable to cross-site scripting, authentication bypass by spoofing, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a...

9.8 CVSS, 7.8 AI score, 0.00916 EPSS
Exploits 2, Affected Software 1

IBM Security Bulletins
added 2026/05/05 12:46 p.m., 7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.4.tgz, dompurify-3.2.6.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540

Summary IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.4.tgz, dompurify-3.2.6.tgz which is vulnerable to CVE-2025-15599, CVE-2026-0540, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-15599...

6.1 CVSS, 6.7 AI score, 0.00284 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2026/05/04 6:55 a.m., 7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540.

Summary IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3...

6.1 CVSS, 7.2 AI score, 0.00284 EPSS
Exploits 0, Affected Software 1

OPENSUSE Linux
added 2026/04/23 12:0 a.m., 17 views

cacti-1.2.30+git306.82d5aef5-1.1 on GA media (moderate)

cacti-1.2.30+git306.82d5aef5-1.1 on GA media Announcement ID: openSUSE-SU-2026:10599-1 Rating: moderate Cross-References: CVE-2026-0540 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

6.1 CVSS, 5.8 AI score, 0.00284 EPSS
Exploits 0

IBM Security Bulletins
added 2026/04/22 4:12 p.m., 4 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js. CVE-2026-32141, CVE-2026-0540, CVE-2026-2327, CVE-2026-27903, CVE-2026-27904. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-3214...

6.1 CVSS, 5.8 AI score, 0.00284 EPSS
Exploits 0, Affected Software 2

IBM Security Bulletins
added 2026/04/22 2:30 p.m., 4 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-15599)

Summary IBM Security SOAR uses an older version of the DOMPurify component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2 Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION:...

6.1 CVSS, 5.6 AI score, 0.00284 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2026/04/06 4:27 p.m., 19 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify (CVE-2025-15599, CVE-2026-0540)

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in DOMPurify CVE-2025-15599, CVE-2026-0540. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-15599 DESCRIPTION: DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a...

6.1 CVSS, 5.9 AI score, 0.00284 EPSS
Exploits 0, Affected Software 1

Chainguard
added 2026/03/11 1:17 a.m., 4 views

CVE-2026-0540 vulnerabilities

Vulnerabilities for packages: langfuse, wazuh-dashboard, opensearch-dashboards, kibana, langfuse-fips, librechat, opensearch-dashboards-fips...

6.1 CVSS, 7.2 AI score, 0.00284 EPSS
Exploits 0

Wolfi
added 2026/03/10 7:48 p.m., 4 views

CVE-2026-0540 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, langfuse...

6.1 CVSS, 7.2 AI score, 0.00284 EPSS
Exploits 0

vulnersOsv
added 2026/03/03 9:44 p.m., 6 views

1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +2079 more potentially affected by CVE-2026-0540 via dompurify (>=3.0.0 <=3.3.1)

dompurify NPM version =3.0.0, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =1.5.1, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20240828032938, =0.2.8-experimental.0, =1.2.0, =1.0.0, =1.0.35 and more Source cves: CVE-2026-0540 Source advisory: SNYK:JS-DOMPURIFY-15371376...

6.1 CVSS, 7.4 AI score, 0.00284 EPSS
Exploits 0

vulnersOsv
added 2026/03/03 9:44 p.m., 9 views

net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by CVE-2026-0540 via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)

org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: CVE-2026-0540 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15371377...

6.1 CVSS, 7.2 AI score, 0.00284 EPSS
Exploits 0

Circl
added 2026/03/03 8:43 p.m., 4 views

CVE-2026-0540

creationtimestamp | type | source
---|---|---
2026-03-03 20:43:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mg6n2wcroi2u...

6.1 CVSS, 5.9 AI score, 0.00284 EPSS
Exploits 0, References 1

vulnersOsv
added 2026/03/03 6:31 p.m., 6 views

@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2026-0540 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

6.1 CVSS, 7.4 AI score, 0.00284 EPSS
Exploits 0

vulnersOsv
added 2026/03/03 6:31 p.m., 5 views

1router (>=0.3.96 <=1.0.2), 9router-custom (=0.3.55) +1877 more potentially affected by CVE-2026-0540 via dompurify (>=3.1.3 <=3.3.1)

dompurify NPM version =3.1.3, =0.3.96, =0.3.33, =0.5.0, =1.0.0, =0.18.0-beta.0, =0.0.1, =0.1.0-alpha.1, =0.1.0, =0.1.0, =0.0.0-dev-20241106153220, =1.0.0, =4.4.0-rc1, =6.4.23, =6.4.37 - @agient/chatbot =1.1.0 and more Source cves: CVE-2026-0540 Source advisory: OSV:GHSA-V2WJ-7WPQ-C8VV...

6.1 CVSS, 7.4 AI score, 0.00284 EPSS
Exploits 0

Debian CVE
added 2026/03/03 5:26 p.m., 4 views

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

6.1 CVSS, 7.5 AI score, 0.00284 EPSS
Exploits 0

EUVD
added 2026/01/02 6:30 p.m., 2 views

EUVD-2026-0540

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5 AI score
Exploits 0, References 1