Lucene search
K

27 matches found

OSV
OSV
added 2026/06/24 9:38 a.m.8 views

ROOT-APP-NPM-CVE-2025-26791 CVE-2025-26791 in @rootio/dompurify - Patched by Root

Root has patched CVE-2025-26791 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.1CVSS6.6AI score0.00559EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/10/28 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-ebd5b65ce8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.8AI score0.00559EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/10 1:10 p.m.4 views

Security Bulletin: IBM QRadar Investigation Assistant app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Investigation Assistant app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of...

9.4CVSS5.6AI score0.01735EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:47 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses dompurify-3.2.3.tgz which is vulnerable to this CVE-2025-26791 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes...

6.1CVSS6.2AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/10 9:2 a.m.5 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in dompurify-2.5.8.tgz

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of dompurify-2.5.8.tgz Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS. CWE:CWE-79:...

6.1CVSS6.3AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 8:0 a.m.3 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

8.7CVSS6.2AI score0.00759EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/25 7:58 a.m.3 views

Security Bulletin: IBM Maximo Application Suite uses multiple nodejs pacakges which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791"

Summary IBM Maximo Application Suite uses multiple Node.js packages which is vulnerable to "CVE-2025-27789, CVE-2025-27152, CVE-2025-26791". This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for...

8.7CVSS6.2AI score0.00759EPSS
Exploits2Affected Software1
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-381c988800)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7AI score0.00559EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2025/05/26 12:0 a.m.9 views

Fedora: Security Advisory (FEDORA-2025-9e6b55e70b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS7AI score0.00559EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/06 10:17 a.m.19 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to dompurify-3.2.3.tgz CVE-2025-26791. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...

6.1CVSS6.4AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 12:30 p.m.14 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.

Summary IBM Maximo Application Suite - Manage Component uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect...

6.1CVSS5.8AI score0.00559EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/07 3:22 p.m.25 views

Security Bulletin: IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791.

Summary IBM Maximo Application Suite uses dompurify-3.2.3.tgz which is vulnerable to CVE-2025-26791. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal...

6.1CVSS5.8AI score0.00559EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/04/03 12:0 a.m.5 views

Fedora 40 : nextcloud (2025-dbeb2c60c3)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-dbeb2c60c3 advisory. 31.0.2 release RHBZ2345769 RHBZ2345775 RHBZ2350414 Tenable has extracted the preceding description block directly from the Fedora security advisory...

6.1CVSS6.5AI score0.00559EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2025/03/26 12:0 a.m.2 views

argocd-cli-2.14.8-1.1 on GA media (moderate)

argocd-cli-2.14.8-1.1 on GA media Announcement ID: openSUSE-SU-2025:14921-1 Rating: moderate Cross-References: CVE-2025-26791 CVSS scores: CVE-2025-26791 SUSE : 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2025-26791 SUSE : 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA...

4.2CVSS7.3AI score0.00559EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 10:58 p.m.13 views

Security Bulletin: IBM Aspera Desktop App is vulnerable to mutation cross-site scripting (mXSS). (CVE-2025-26791)

Summary DOMPurify component is vulnerable to mutation cross-site scripting mXSS which has been addressed in IBM Aspera Desktop App version v1.0.8 Vulnerability Details CVEID:CVE-2025-26791 DESCRIPTION: DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading ...

6.1CVSS5.8AI score0.00559EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/12 12:40 p.m.14 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to cross-site scripting [CVE-2025-26791]

Summary node.js module DOMPurify is used by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. DesignerAuthoring operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in node.js module DOMPurify...

6.1CVSS5.5AI score0.00559EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2025-26791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS. CVE-2025-26791 Note that...

6.1CVSS6.6AI score0.00559EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2025/02/27 2:56 a.m.5 views

SUSE CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting mXSS...

4.2CVSS6.4AI score0.00559EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/02/26 2:58 p.m.14 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.9

Red Hat OpenShift Service Mesh Containers for 2.5.9 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift...

6.1CVSS6.6AI score0.00559EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/02/14 9:31 a.m.5 views

011xwztpjn (=1.0.0), 02y9dg4qm3 (=1.0.0) +10095 more potentially affected by CVE-2025-26791 via dompurify (>=0.6.6 <=3.2.3)

dompurify NPM version =0.6.6, =3.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on dompurify and may be impacted: - 011xwztpjn =1.0.0 - 02y9dg4qm3 =1.0.0 - 04tw75kmd9 =1.0.0 - 0650teqqly =1.0.0 - 097oi25ils =1.0.0 - 0a0fpniotn =1.0.0 - 0c7j76u46q...

6.1CVSS6.6AI score0.00559EPSS
Exploits1
Rows per page
Query Builder