Malicious code in shopify-css-import (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02612f811f0437cad89ff886ab8950df3e8e2a8ecc3c285747a833e50420ee7b Any computer that has this package installed or running should be considered...

MAL-2025-6124 Malicious code in shopify-css-import (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 02612f811f0437cad89ff886ab8950df3e8e2a8ecc3c285747a833e50420ee7b Any computer that has this package installed or running should be considered...

📄 SugarCRM 14.0.0 Code Injection / SSRF / File Read

SugarCRM versions 14.0.0 and below suffer from a LESS code injection vulnerability. User input passed through GET parameters to the /css/preview REST API endpoint is not properly sanitized before parsing it as LESS code. This can be exploited by remote, unauthenticated attackers to inject and...

MAL-2025-5683 Malicious code in css-keylogger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d7d5c0eac76577da5186e985efd72018e773d9ada891e44852188b9e5cd8632 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in css-keylogger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d7d5c0eac76577da5186e985efd72018e773d9ada891e44852188b9e5cd8632 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

webkitgtk: CSS compositing issue leading to revealing of the browsing history

A flaw was found in the way WebKitGTK performed CSS compositing. A malicious web site could possibly use this flaw to reveal user's browsing history...

Fedora 42 : webkitgtk (2025-40aeebe6d2)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-40aeebe6d2 advisory. Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thre...

Malicious code in dropdown_styles.css (npm)

The package communicates with a domain associated with malicious activity...

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

Animating zooming using CSS: transform order is important… sometimes

I was using Discord the other day. I tapped to zoom into an image, and it animated in an odd way that I'd seen before. Like this: Notice how it kinda 'swoops' into the wildcat's face, rather than zooming straight in? See how the right-hand side of the cat's head goes out-of-frame, and then back i...

PT-2025-25753 · Unknown · Microlight.Js

Name of the Vulnerable Software and Affected Versions: microlight.js version 0.0.7 Description: A null pointer dereference issue was discovered in a lightweight syntax highlighting library. The library fails to validate the result of a regular expression match before accessing its properties when...

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

WordPress Bunnys Print CSS plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Bunnys Print CSS plugin that stems from missing or incorrect nonce validation of the pcssoptionssubpanel...

CVE-2025-5925

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

CVE-2025-5925

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

CVE-2025-5925

CVE-2025-5925 – Bunny’s Print CSS (WordPress) : Wordfence and related sources confirm a Cross-Site Request Forgery vulnerability in Bunny’s Print CSS plugin for WordPress versions up to 0.95. The root cause is missing or incorrect nonce validation in the pcss_options_subpanel() function, enabling...

CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

CVE-2025-5925 Bunny’s Print CSS <= 0.95 - Cross-Site Request Forgery to Settings Update

The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect nonce validation on the pcssoptionssubpanel function. This makes it possible for unauthenticated attackers to update settings via ...

PT-2025-24610 · WordPress · Bunny'S Print Css

Name of the Vulnerable Software and Affected Versions: Bunny's Print CSS plugin for WordPress versions up to, and including, 0.95 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the pcss options subpanel function. This allows...

WordPress plugin Bunnys Print CSS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Bunnys Print CSS plugin that stems from missing or incorrect nonce validation of the pcssoptionssubpanel...