Lucene search
K

555 matches found

OSV
OSV
added yesterday9 views

ROOT-APP-NPM-CVE-2025-26791 CVE-2025-26791 in @rootio/dompurify - Patched by Root

Root has patched CVE-2025-26791 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.1CVSS6.6AI score0.00583EPSS
Exploits1
OSV
OSV
added yesterday10 views

ROOT-APP-NPM-GHSA-CJMM-F4JC-QW8R GHSA-cjmm-f4jc-qw8r in @rootio/dompurify - Patched by Root

Root has patched GHSA-cjmm-f4jc-qw8r in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-GHSA-39Q2-94RC-95CP GHSA-39q2-94rc-95cp in @rootio/dompurify - Patched by Root

Root has patched GHSA-39q2-94rc-95cp in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-CVE-2025-15599 CVE-2025-15599 in @rootio/dompurify - Patched by Root

Root has patched CVE-2025-15599 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.1CVSS5.8AI score0.00245EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-CVE-2026-41240 CVE-2026-41240 in @rootio/dompurify - Patched by Root

Root has patched CVE-2026-41240 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.1CVSS7.3AI score0.00313EPSS
Exploits1
OSV
OSV
added yesterday3 views

ROOT-APP-NPM-CVE-2026-49458 CVE-2026-49458 in @rootio/dompurify - Patched by Root

Root has patched CVE-2026-49458 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.1CVSS6.1AI score0.00055EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-CVE-2026-0540 CVE-2026-0540 in @rootio/dompurify - Patched by Root

Root has patched CVE-2026-0540 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.1CVSS7.2AI score0.0034EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-GHSA-CJ63-JHHR-WCXV GHSA-cj63-jhhr-wcxv in @rootio/dompurify - Patched by Root

Root has patched GHSA-cj63-jhhr-wcxv in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
OSV
OSV
added yesterday4 views

ROOT-APP-NPM-CVE-2026-41238 CVE-2026-41238 in @rootio/dompurify - Patched by Root

Root has patched CVE-2026-41238 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.9CVSS5.8AI score0.00225EPSS
Exploits0
OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2026-41239 CVE-2026-41239 in @rootio/dompurify - Patched by Root

Root has patched CVE-2026-41239 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

6.8CVSS5.8AI score0.00248EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-GHSA-H8R8-WCCR-V5F2 GHSA-h8r8-wccr-v5f2 in @rootio/dompurify - Patched by Root

Root has patched GHSA-h8r8-wccr-v5f2 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1CVSS7.4AI score0.00313EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 2:12 p.m.6 views

Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager

Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...

8.8CVSS7.5AI score0.00331EPSS
Exploits1Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/28 7:37 p.m.8 views

Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software

Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-2581 DESCRIPTION: This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici...

7.5CVSS5.6AI score0.00728EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2026/06/27 5:53 a.m.6 views

Cross-Site Scripting (XSS)

DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to DOMPurify skipping the contents of shadow DOM elements inside HTML elements during sanitization, which allows an attacker to embed malicious payloads that execute when the template is cloned and inserted into the pag...

6.3CVSS6.1AI score0.00038EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/06/23 9:47 a.m.8 views

Cross-site Scripting (XSS)

DOMPurify is vulnerable to cross-site scripting XSS. The vulnerability is due to the use of realm-specific instanceof checks when sanitizing DOM nodes from a different same-origin realm, which allows an attacker to bypass sanitization for form attributes, template content, and shadow DOM, leading...

6.1CVSS5.7AI score0.00055EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/19 12:16 a.m.11 views

CVE-2026-12048

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS0.0021EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 11:37 p.m.88 views

CVE-2026-12048

CVE-2026-12048 affects pgAdmin 4 (versions 6.0 up to 9.16). Stored XSS occurs when untrusted server-returned text is passed through html-react-parser in multiple user-facing sinks (toasts, dialogs, explain visualiser, SQL editor prompts, etc.), allowing an attacker-controlled PostgreSQL server to...

9.3CVSS5.4AI score0.0021EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.42 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS0.0021EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 11:37 p.m.1 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS7.1AI score0.0021EPSS
Exploits0References5
Rows per page
Query Builder