PT-2025-43158

Name of the Vulnerable Software and Affected Versions FRESHFACE Custom CSS versions through 1.4.0 Description An authorization issue exists in the FRESHFACE Custom CSS custom-css-editor, allowing exploitation due to incorrectly configured access control security levels. Recommendations Update...

WordPress plugin Custom CSS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

Malicious Package

Overview webpack-css-load-branch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

Malicious code in webpack-css-load-branch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebc3a0cfad4acfa46f4ea9e57edb732f20403908d855eca202b5ad08df232468 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-35143

Malicious code in webpack-css-load-branch npm...

MAL-2025-48538 Malicious code in webpack-css-load-branch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ebc3a0cfad4acfa46f4ea9e57edb732f20403908d855eca202b5ad08df232468 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

EUVD-2025-34891

A remote code execution RCE vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...

Malicious code in css-platform-js (npm)

The package css-platform-js was found to contain malicious code...

MAL-2025-48489 Malicious code in css-platform-js (npm)

The package css-platform-js was found to contain malicious code...

Malicious Package

Overview vite-css-icon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Debian: Security Advisory (DLA-4333-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4333-1] php-horde-css-parser security update

Debian LTS Advisory DLA-4333-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson October 14, 2025 https://wiki.debian.org/LTS Package : php-horde-css-parser Version : 1.0.11-8+deb11u1 CVE ID : CVE-2020-13756 Debian Bug : Sabberworm PHP CSS Parser before 8.3.1 cal...

Debian dla-4333 : php-horde-css-parser - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4333 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4333-1 [email protected] https://www.debian.org/lts/security/...

EUVD-2025-33928

Malicious code in webpack-load-css-branch npm...

Malicious code in webpack-load-css-branch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0fdf10edf9a7aa5d5eec0a8fea00190c4abb0beb6c3701a205d9d7527332e15c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview webpack-load-css-branch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

MAL-2025-48349 Malicious code in webpack-load-css-branch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0fdf10edf9a7aa5d5eec0a8fea00190c4abb0beb6c3701a205d9d7527332e15c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview webpack-css-branch-loader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

MAL-2025-48311 Malicious code in webpack-css-branch-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9c3abce2732c0f6e7c2ee0eac71d52075273095303405274ebc0b32dd072c82a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

WordPress Custom CSS plugin <= 1.4.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Custom CSS versions = 1.4.0...