webkitgtk: CSS compositing issue leading to revealing of the browsing history

A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal user's browsing history...

Fedora 42 : webkitgtk (2025-40aeebe6d2)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-40aeebe6d2 advisory. Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thre...

Malicious code in dropdown_styles.css (npm)

The package communicates with a domain associated with malicious activity...

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

Animating zooming using CSS: transform order is important… sometimes

I was using Discord the other day. I tapped to zoom into an image, and it animated in an odd way that I'd seen before. Like this: Notice how it kinda 'swoops' into the wildcat's face, rather than zooming straight in? See how the right-hand side of the cat's head goes out-of-frame, and then back i...

WordPress Bunnys Print CSS plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Bunnys Print CSS plugin that stems from missing or incorrect nonce validation of the pcssoptionssubpanel...

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

PT-2025-25753 · Unknown · Microlight.Js

Name of the Vulnerable Software and Affected Versions: microlight.js version 0.0.7 Description: A null pointer dereference issue was discovered in a lightweight syntax highlighting library. The library fails to validate the result of a regular expression match before accessing its properties when...

CVE-2025-5925

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

CVE-2025-5925

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

CVE-2025-5925

CVE-2025-5925 – Bunny’s Print CSS (WordPress) : Wordfence and related sources confirm a Cross-Site Request Forgery vulnerability in Bunny’s Print CSS plugin for WordPress versions up to 0.95. The root cause is missing or incorrect nonce validation in the pcss_options_subpanel() function, enabling...

CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

PT-2025-24610 · WordPress · Bunny'S Print Css

Name of the Vulnerable Software and Affected Versions: Bunny's Print CSS plugin for WordPress versions up to, and including, 0.95 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the pcss options subpanel function. This allows...

WordPress plugin Bunnys Print CSS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Bunnys Print CSS plugin that stems from missing or incorrect nonce validation of the pcssoptionssubpanel...

GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

@agreejs/cli (>=0.0.1 <=3.2.43), @agreejs/rn-runner (>=3.2.1 <=3.2.15) +98 more potentially affected by CVE-2025-5896 via taro-css-to-react-native (>=1.3.0-beta.1 <=4.1.2-alpha.2)

taro-css-to-react-native NPM version =1.3.0-beta.1, =0.0.1, =3.2.1, =3.2.1, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0, =1.1.5, =1.0.0, =1.3.2 - @c-art/convert-cli =1.1.0 - @d-bigfish/cli =1.0.14 - @d1m-atom/taro-vue-cli =1.0.5 and more Source cves: CVE-2025-5896 Source advisory:...

WordPress Bunny’s Print CSS plugin <= 0.95 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Bunny’s Print CSS versions = 0.95...

NervJS taro 安全漏洞

NervJS taro is an open cross-end cross-framework solution open-sourced by NervJS. A security vulnerability exists in NervJS taro version 4.1.1 and earlier, which stems from an incorrect manipulation of the file taro/packages/css-to-react-native/src/index.js resulting in inefficient regular...

CVE-2025-5699

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...