27 matches found
ROOT-APP-NPM-CVE-2025-26791 CVE-2025-26791 in @rootio/dompurify - Patched by Root
Root has patched CVE-2025-26791 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
Fedora: Security Advisory (FEDORA-2025-ebd5b65ce8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM QRadar Investigation Assistant app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Investigation Assistant app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791
Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in dompurify-2.5.8.tgz
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of dompurify-2.5.8.tgz Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS. CWE:CWE-79:...
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"
Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...
Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"
Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...
Fedora: Security Advisory (FEDORA-2025-381c988800)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-9e6b55e70b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.
Summary IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect...
Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.
Summary IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...
Fedora 40 : nextcloud (2025-dbeb2c60c3)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-dbeb2c60c3 advisory. 31.0.2 release RHBZ2345769 RHBZ2345775 RHBZ2350414 Tenable has extracted the preceding description block directly from the Fedora security advisory...
argocd-cli-2.14.8-1.1 on GA media (moderate)
argocd-cli-2.14.8-1.1 on GA media Announcement ID: openSUSE-SU-2025:14921-1 Rating: moderate Cross-References: CVE-2025-26791 CVSS scores: CVE-2025-26791 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2025-26791 SUSE : 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA...
Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)
Summary DOMPurify component is vulnerable to mutation cross-site scripting mXSS which has been addressed in IBM Aspera Desktop App version v1.0.8 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting [CVE-2025-26791]
Summary node.js module DOMPurify is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in node.js module DOMPurify...
Linux Distros Unpatched Vulnerability : CVE-2025-26791
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS. CVE-2025-26791 Note that...
SUSE CVE-2025-26791
DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.9
Red Hat OpenShift Service Mesh Containers for 2.5.9 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...
011xwztpjn (=1.0.0), 02y9dg4qm3 (=1.0.0) +10095 more potentially affected by CVE-2025-26791 via dompurify (>=0.6.6 <=3.2.3)
dompurify NPM version =0.6.6, =3.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - 011xwztpjn =1.0.0 - 02y9dg4qm3 =1.0.0 - 04tw75kmd9 =1.0.0 - 0650teqqly =1.0.0 - 097oi25ils =1.0.0 - 0a0fpniotn =1.0.0 - 0c7j76u46q...