10 matches found
DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...
CVE-2026-41240
A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...
PT-2026-34604
Name of the Vulnerable Software and Affected Versions: DOMPurify versions prior to 3.4.0. Description: An inconsistency exists between the handling of FORBID_TAGS and FORBID_ATTR when a function-based ADD_TAGS configuration is used. Specifically, when the EXTRA_ELEMENT_HANDLING.tagCheck function...
Oracle DB Privilege Escalation Via Function-Based Index
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB Privilege Escalation via Function-Based Index', 'Description' = %q This module will escalate an Oracle DB user to DBA by creating a...
[SECURITY] Fedora 38 Update: firecracker-1.6.0-6.fc38
Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine...
Fedora: Security Advisory for firecracker (FEDORA-2023-98f44d1c4c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 38 Update: firecracker-1.4.1-3.fc38
Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine...
[SECURITY] Fedora 37 Update: firecracker-1.4.1-2.fc37
Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine...
Fedora: Security Advisory (FEDORA-2023-8e6ae98f81)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Oracle DB Privilege Escalation via Function-Based Index
This module will escalate an Oracle DB user to DBA by creating a function-based index on a table owned by a more-privileged user. Credits to David Litchfield for publishing the technique. This module requires Metasploit: https://metasploit.com/download Current source:...