3 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-27606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler specifically v4.x and present in current...
Security Bulletin: Carbon design system packages
Summary Various packages are vulnerable to multiples CVEs and can be resolved by updating to [email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected], @carbon/[email protected]....
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Summary We discovered a DOM Clobbering vulnerability in rollup when bundling scripts that use import.meta.url or with plugins that emit and reference asset files from code in cjs/umd/iife format. The DOM Clobbering gadget can lead to cross-site scripting XSS in web pages where scriptless...