VulnSea
CVE-2026-49459 — DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM · VulnSea