
4 matches found

NVD
added 2026/04/17 9:16 p.m., 0 views

CVE-2026-40301

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to...

CVSS 4.7, EPSS 0.00034
Exploits: 0, References: 3
Positive Technologies
added 2026/04/10 12:0 a.m., 1 views

PT-2026-32980

Summary: DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attacker-controlled hosts when the sanitized SVG is rendered. Details: In...

CVSS 4.7, AI score 5.9, EPSS 0.00034
Exploits: 0, References: 8
EUVD
added 2026/04/08 9:31 a.m., 0 views

EUVD-2026-20104

The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the DSGVOGWPdownloadGoogleFonts function in all versions up to, and including, 1.1. The function is exposed via a wp_ajax_nopriv hook, requiring no authentication. It...

CVSS 9.8, AI score 6.2, EPSS 0.00138
Exploits: 0, References: 6
Packet Storm
added 2012/02/18 12:0 a.m., 17 views

Wiki Spot Cross Site Scripting

Exploit Title: Wiki Spot Cross Site Scripting; Date: 18.02.2012; Author: Sony; Software Link: http://wikispot.org/; Web Browser: Mozilla Firefox; Blog: http://st2tea.blogspot.com; PoC: http://st2tea.blogspot.com/2012/02/wiki-spot-cross-site-scripting.html ...

AI score 7.4
Exploits: 0