CVE-2026-0540 DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...

Everyone Needs AIR: An Agnostic Incident Reporting Framework for Cybersecurity in Operational Technology

Operational technology OT networks are increasingly coupled with information technology IT, expanding the attack surface and complicating incident response. Although OT standards emphasise incident reporting and evidence preservation, they do not specify what data to capture during an incident,...

UBUNTU-CVE-2025-40114

In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075readinttimems The array contains only 5 elements, but the index calculated by veml6075readinttimeindex can range from 0 to 7, which could lead to out-of-bounds access. The check...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML elements and attributes. An attacker can inject malicious scripts by exploiting the overridden sanitizer configurations that allow certain HTML5 elements such as math,...