744 matches found
CVE-2026-9358 postcss-selector-parser AST Serialization container.js toString recursion
A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The...
CVE-2026-9358 postcss-selector-parser AST Serialization container.js toString recursion
A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The...
CVE-2026-9358
A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-9358
A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The...
PostCSS 安全漏洞
PostCSS is an open-source style transformation tool developed by PostCSS. Versions of PostCSS 7.1.1 and earlier contained a security vulnerability. This vulnerability stemmed from improper handling of the toString function in the file/src/selectors/container.js component AST serialization, which...
PT-2026-42916
A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...
Malicious code in @tailwind-core/postcss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dab944715339b0fabcf954a92fd33faacbb4d878368c36ea5a7d26d72fe2e56 Package name @tailwind-core/postcss is a one-character-class edit of the official @tailwindcss/postcss Tailwind CSS v4 PostCSS plugin, published unde...
MAL-2026-4450 Malicious code in @tailwind-core/postcss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1dab944715339b0fabcf954a92fd33faacbb4d878368c36ea5a7d26d72fe2e56 Package name @tailwind-core/postcss is a one-character-class edit of the official @tailwindcss/postcss Tailwind CSS v4 PostCSS plugin, published unde...
Linux Distros Unpatched Vulnerability : CVE-2026-44301
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node- based asset pipelines PostCSS, Babel, TailwindCSS, Hugo...
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
UBUNTU-CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
CVE-2026-44301
Hugo (static site generator) versions 0.43 through 0.160.x are vulnerable when building a site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS). The vulnerability arises because Hugo invoked the configured Node tools without restrictions on file system access, potentially allowi...
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...
Security Bulletin: Resolved a vulnerability in PostCSS versions prior to 8.5.10
Summary Versions prior to 8.5.10 have a vulnerability enabling XSS, we updated the version of PostCSS to version 8.5.10 which resolved the issue Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION: PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the...
CVE-2026-41305
A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scripting XSS by submitting specially crafted CSS. When PostCSS processes and re-stringifies this CSS for embedding within HTML sequences. This oversight enables the injected...
Linux Distros Unpatched Vulnerability : CVE-2026-41305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do...
NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
NPM: PostCSS has XSS via Unescaped in its CSS Stringify Output vulnerability discovered by ? in WordPress Npm postcss versions 8.5.10...