5708 matches found
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: mdast-util-to-hast is a mdast utility to transform to hast. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the class attribute in rendered markdown code elements. An attacker can cause arbitrary CSS...
Malicious code in tailwindcss-forms (npm)
Source: amazon-inspector 65ee27d0caf9bfc7ff677eb3a3ab32742a19c31bc8418b532bbf925c6a5c385b The package tailwindcss-forms was found to contain malicious code...
CVE-2025-61167
SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters...
CVE-2025-65026
esm.sh is a no-build content delivery network (CDN) for modern web development. Prior to version 136, the esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the ?module query parameter,...
EUVD-2025-199634
SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters...
GO-2025-4139 esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh...
Fedora 43 : webkitgtk (2025-6f3e9e3af6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6f3e9e3af6 advisory. Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data function introspectable. Fix logging in to Google...
SIGB PMB Security Vulnerability
SIGB PMB is an open source integrated library management system from SIGB. A security vulnerability exists in SIGB PMB version v8.0.1.14, which stems from improper handling of the parameters id and datas in the component /opac_css/ajax_selector.php, which could lead to a SQL injection attack...
PT-2025-48069
Name of the Vulnerable Software and Affected Versions: SIGB PMB version 8.0.1.14. Description: The software contains multiple SQL injection flaws in the /opac_css/ajax_selector.php component. These flaws are triggered through the id and datas parameters. The component is susceptible to manipulation...
CVE-2025-61167
SIGB PMB v8.0.1.14 contains multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component, exploitable via the id and datas parameters. Root cause: improper handling of user-supplied input in that endpoint allows SQL commands to be injected, potentially leading to unauthoriz...
Malicious code in ids-css (npm)
Source: amazon-inspector 050d0a8d9340c416d7410787a1a7b2c5e6cec36eb17bacecca14a2cfbcbf76c5 The package ids-css was found to contain malicious code. Source: ghsa-malware 03812dbf5f0120164f355aae423e3fad2e899eb9164b4468f7fd91844d33b35e Any...
MAL-2025-191106 Malicious code in ids-css (npm)
Source: amazon-inspector 050d0a8d9340c416d7410787a1a7b2c5e6cec36eb17bacecca14a2cfbcbf76c5 The package ids-css was found to contain malicious code. Source: ghsa-malware 03812dbf5f0120164f355aae423e3fad2e899eb9164b4468f7fd91844d33b35e Any...
@ids-sandbox/npm-test (>=0.0.1 <=0.0.6), ids-enterprise (>=4.67.0 <=4.68.6) +1 more potentially affected by unknown CVE via ids-css (=1.5.0)
ids-css NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on ids-css and may be impacted: - @ids-sandbox/npm-test =0.0.1, =4.67.0, =14.3.1, =17.2.1-dev.20240108 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191106...
EUVD-2025-199146
Malicious code in ids-css (npm)...
MAL-2025-191070 Malicious code in barebones-css (npm)
Source: amazon-inspector 3a6b6723c24807a6fb2e90c2f5e0f7238e1a2c25e2602ab7f4ba4bb3d0f13efe The package barebones-css was found to contain malicious code. Source: ghsa-malware 32d179a02b1e407d2a71cf2912a7c87d6419900b71e13260889103a40736d0f6...
EUVD-2025-199185
Malicious code in barebones-css (npm)...
Malicious code in barebones-css (npm)
Source: amazon-inspector 3a6b6723c24807a6fb2e90c2f5e0f7238e1a2c25e2602ab7f4ba4bb3d0f13efe The package barebones-css was found to contain malicious code. Source: ghsa-malware 32d179a02b1e407d2a71cf2912a7c87d6419900b71e13260889103a40736d0f6...
MAL-2025-191136 Malicious code in obj-to-css (npm)
Source: amazon-inspector 16c28013383e05a71d5da9d3d7c0d685a6355e42251a9527e769061e13ce54bb The package obj-to-css was found to contain malicious code. Source: ghsa-malware ada9fa1c509e4ac91c240ba95d3953b53291943071c42aa967d243bd17682078 Any...
EUVD-2025-199227
Malicious code in obj-to-css (npm)...