Code injection
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
UBUNTU-CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...
PT-2023-7567 · Postcss +1
Name of the Vulnerable Software and Affected Versions: PostCSS versions prior to 8.4.31. Description: The issue affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing b...
PostCSS Injection Vulnerability
Andrey Sitnik postcss is an application by the individual developer Andrey Sitnik in Spain. A tool for converting styles using JS plugins. An injection vulnerability exists in versions of PostCSS prior to 8.4.31. No information about this vulnerability is available at this time, please stay tuned...
CVE-2023-44270
CVE-2023-44270: PostCSS before 8.4.31 has a vulnerability where CSS that is parsed from external untrusted CSS can cause parts of the CSS to be treated as comments and then end up in the PostCSS output as valid CSS nodes (rules/properties). This can occur when linters rely on PostCSS for parsing...
Malicious Package
Overview: postcss-file-match is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious code in postcss-file-match (npm)
Source: ghsa-malware 416239cd07c736ee9cda1661d413016b66a35ccd99054f13c8fb5b81fefa02dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-690 Malicious code in postcss-file-match (npm)
Source: ghsa-malware 416239cd07c736ee9cda1661d413016b66a35ccd99054f13c8fb5b81fefa02dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: postcss-toc is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
MAL-2022-5423 Malicious code in postcss-fleexbugs-fixs (npm)
Source: ghsa-malware 9e1b9d652e96c357326a2bbdd94a69349443c42ed9a6d7115745a02db3e3cb47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in postcss-fleexbugs-fixs (npm)
Source: ghsa-malware 9e1b9d652e96c357326a2bbdd94a69349443c42ed9a6d7115745a02db3e3cb47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in postcss-lazy-rules (npm)
Source: ghsa-malware 3af0b17a0cca4f52c02b138fec9e69ba2c506346ef1a6b57cbf893a03b7b5c46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5424 Malicious code in postcss-lazy-rules (npm)
Source: ghsa-malware 3af0b17a0cca4f52c02b138fec9e69ba2c506346ef1a6b57cbf893a03b7b5c46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Regular Expression Denial of Service in postcss
The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 02-infrastructure (=1.0.0) +37569 more potentially affected by CVE-2021-23382 via postcss (>=0.1.0 <=7.0.35)
postcss NPM version =0.1.0, =1.0.1, =1.0.0, =1.0.4, =1.0.0, =5.0.0, =1.0.3, =1.0.7 and more Source cves: CVE-2021-23382 Source advisory: OSV:GHSA-566M-QJ78-RWW5...
GHSA-566M-QJ78-RWW5 Regular Expression Denial of Service in postcss
The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern regex /\s sourceMappingURL=. PoC js var...