MAL-2025-25205 Malicious code in levels-optimize-css-assets-webpack-plugin-hermes-callisto (npm)

The package levels-optimize-css-assets-webpack-plugin-hermes-callisto was found to contain malicious code...

MAL-2025-29539 Malicious code in postcss-loader-dotenv-safe-mini-css-extract-plugin-supervisor (npm)

The package postcss-loader-dotenv-safe-mini-css-extract-plugin-supervisor was found to contain malicious code...

MAL-2025-31765 Malicious code in react-atomic-css (npm)

The package react-atomic-css was found to contain malicious code...

MAL-2025-17797 Malicious code in css-sifymodules (npm)

The package css-sifymodules was found to contain malicious code...

MAL-2025-28363 Malicious code in optimize-css-assets-webpack-plugin-node-config-europa-native (npm)

The package optimize-css-assets-webpack-plugin-node-config-europa-native was found to contain malicious code...

MAL-2025-29314 Malicious code in pipe-css-loader-unuk-ursa (npm)

The package pipe-css-loader-unuk-ursa was found to contain malicious code...

Malicious code in enif-async-panspermia-mini-css-extract-plugin (npm)

The package enif-async-panspermia-mini-css-extract-plugin was found to contain malicious code...

Malicious code in hugo-draco-mini-css-extract-plugin-paleoanthropology (npm)

The package hugo-draco-mini-css-extract-plugin-paleoanthropology was found to contain malicious code...

Malicious code in mini-css-extract-plugin-materialize-technocracy-venus (npm)

The package mini-css-extract-plugin-materialize-technocracy-venus was found to contain malicious code...

Malicious code in server-mini-css-extract-plugin-orogeny-spawn (npm)

The package server-mini-css-extract-plugin-orogeny-spawn was found to contain malicious code...

Malicious code in mini-css-extract-plugin-jabbah-dotenv-safe-asthenosphere (npm)

The package mini-css-extract-plugin-jabbah-dotenv-safe-asthenosphere was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2020-26973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This...

WordPress HT Mega plugin path traversal vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress, offering over 100 custom widgets, 360+ preset modules, and a variety of templates for blogs, sliders, collapsible menus, and other page elements. A path traversal vulnerability exists in the WordPress HT Mega...

Linux Distros Unpatched Vulnerability : CVE-2022-31744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy...

Linux Distros Unpatched Vulnerability : CVE-2021-23996

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could...

CVE-2025-8151

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...

CVE-2025-8151

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...

CVE-2025-8151 HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Path Traversal to Limited Arbitrary CSS File Actions

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'saveblockcss' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any director...

CVE-2025-8151

CVE-2025-8151 (HT Mega – Absolute Addons For Elementor) is a path traversal vulnerability in the WordPress plugin HT Mega up to version 2.9.1. The flaw resides in the save_block_css function and can be exploited by an authenticated user with Author+ privileges to create and delete CSS files in an...

PT-2025-31505 · Microsoft +1 · Windows +1

Name of the Vulnerable Software and Affected Versions: HT Mega – Absolute Addons For Elementor plugin for WordPress versions prior to 2.9.2 Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is susceptible to a path traversal issue. This allows authenticated attackers...