555 matches found
ROOT-APP-NPM-CVE-2025-26791 CVE-2025-26791 in @rootio/dompurify - Patched by Root
Root has patched CVE-2025-26791 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-CJMM-F4JC-QW8R GHSA-cjmm-f4jc-qw8r in @rootio/dompurify - Patched by Root
Root has patched GHSA-cjmm-f4jc-qw8r in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-39Q2-94RC-95CP GHSA-39q2-94rc-95cp in @rootio/dompurify - Patched by Root
Root has patched GHSA-39q2-94rc-95cp in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-15599 CVE-2025-15599 in @rootio/dompurify - Patched by Root
Root has patched CVE-2025-15599 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41240 CVE-2026-41240 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-41240 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-49458 CVE-2026-49458 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-49458 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-0540 CVE-2026-0540 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-0540 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-CJ63-JHHR-WCXV GHSA-cj63-jhhr-wcxv in @rootio/dompurify - Patched by Root
Root has patched GHSA-cj63-jhhr-wcxv in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41238 CVE-2026-41238 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-41238 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41239 CVE-2026-41239 in @rootio/dompurify - Patched by Root
Root has patched CVE-2026-41239 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-H8R8-WCCR-V5F2 GHSA-h8r8-wccr-v5f2 in @rootio/dompurify - Patched by Root
Root has patched GHSA-h8r8-wccr-v5f2 in the @rootio/dompurify package for Root:npm. Multiple fixed versions available...
DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...
Security Bulletin: IBM i is Affected By Multiple Vulnerabilities in Navigator for i and Digital Certifcate Manager
Summary Navigator for IBM i uses DOMPurify for cross-site scripting sanitization. DOMPurify is vulnerable to prototype pollution-based XSS bypass CVE-2026-41238, skipped sanitization in non-string mode CVE-2026-41239, and skipped sanitization when using the ADDTAGS function CVE-2026-41240...
Security Bulletin: DataStage on Cloud Pak for Data has several vulnerabilities due to open source software
Summary Open source packages are used as part of the overall processing in DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2026-2581 DESCRIPTION: This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici...
Cross-Site Scripting (XSS)
DOMPurify is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to DOMPurify skipping the contents of shadow DOM elements inside HTML elements during sanitization, which allows an attacker to embed malicious payloads that execute when the template is cloned and inserted into the pag...
Cross-site Scripting (XSS)
DOMPurify is vulnerable to cross-site scripting XSS. The vulnerability is due to the use of realm-specific instanceof checks when sanitizing DOM nodes from a different same-origin realm, which allows an attacker to bypass sanitization for form attributes, template content, and shadow DOM, leading...
CVE-2026-12048
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...
CVE-2026-12048
CVE-2026-12048 affects pgAdmin 4 (versions 6.0 up to 9.16). Stored XSS occurs when untrusted server-returned text is passed through html-react-parser in multiple user-facing sinks (toasts, dialogs, explain visualiser, SQL editor prompts, etc.), allowing an attacker-controlled PostgreSQL server to...
CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...
CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...