Lucene search
5743 matches found

vulnersOsv
added 2025/06/09 9:30 p.m. · 7 views

@agreejs/cli (>=0.0.1 <=3.2.43), @agreejs/rn-runner (>=3.2.1 <=3.2.15) +98 more potentially affected by CVE-2025-5896 via taro-css-to-react-native (>=1.3.0-beta.1 <=4.1.2-alpha.2)

taro-css-to-react-native NPM version =1.3.0-beta.1, =0.0.1, =3.2.1, =3.2.1, =1.0.0, =1.0.0, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0, =1.1.5, =1.0.0, =1.3.2 - @c-art/convert-cli =1.1.0 - @d-bigfish/cli =1.0.14 - @d1m-atom/taro-vue-cli =1.0.5 and more Source cves: CVE-2025-5896 Source advisory:...

CVSS 7.5 · AI score 5.8 · EPSS 0.00502
Exploits 1
OSV
added 2025/06/09 9:30 p.m. · 3 views

GHSA-F5XG-CFPJ-2MW6 taro-css-to-react-native Regular Expression Denial of Service vulnerability

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely...

CVSS 5.3 · AI score 4.8 · EPSS 0.00502
Exploits 1 · References 8
Patchstack
added 2025/06/09 7:14 p.m. · 5 views

WordPress Bunny’s Print CSS plugin <= 0.95 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Nabil Irawan in WordPress Plugin Bunny’s Print CSS versions = 0.95...

CVSS 4.3 · AI score 6.7 · EPSS 0.00133
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/06/09 12:0 a.m. · 3 views

NervJS taro security vulnerability

NervJS taro is an open cross-end cross-framework solution open-sourced by NervJS. A security vulnerability exists in NervJS taro version 4.1.1 and earlier, which stems from an incorrect manipulation of the file taro/packages/css-to-react-native/src/index.js resulting in inefficient regular...

CVSS 7.5 · AI score 4.7 · EPSS 0.00502
Exploits 1 · References 7
RedhatCVE
added 2025/06/08 7:19 a.m. · 15 views

CVE-2025-5699

The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVSS 5.5 · AI score 5 · EPSS 0.00248
Exploits 0 · References 1
OSV
added 2025/06/06 2:4 p.m. · 11 views

OESA-2025-1597 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration. Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for...

CVSS 7.8 · AI score 6.7 · EPSS 0.00276
Exploits 0 · References 3
OSV
added 2025/06/06 2:3 p.m. · 13 views

OESA-2025-1593 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration. Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for...

CVSS 7.8 · AI score 6.7 · EPSS 0.00276
Exploits 0 · References 3
CVE
added 2025/06/06 6:42 a.m. · 62 views

CVE-2025-5699

CVE-2025-5699 involves the Developer Formatter WordPress plugin. A stored cross-site scripting (XSS) flaw exists in Custom CSS handling across all versions up to 2015.0.2.1, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated admin-level access and c...

CVSS 5.5 · AI score 5.1 · EPSS 0.00248
Exploits 0 · References 4
RedhatCVE
added 2025/06/01 7:33 p.m. · 7 views

CVE-2025-48883

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...

CVSS 5.3 · AI score 6 · EPSS 0.00382
Exploits 0 · References 1
NVD
added 2025/05/30 7:15 p.m. · 6 views

CVE-2025-48883

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...

CVSS 5.3 · EPSS 0.00382
Exploits 0 · References 3
Cvelist
added 2025/05/30 6:47 p.m. · 19 views

CVE-2025-48883 Chrome PHP is missing encoding in `CssSelector`

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...

CVSS 5.3 · EPSS 0.00382
Exploits 0 · References 3
CNNVD
added 2025/05/30 12:0 a.m. · 1 views

Chrome PHP cross-site scripting vulnerability

Chrome PHP is a headless chrome/chrome instance in PHP from the Chrome PHP open source. A cross-site scripting vulnerability exists in Chrome PHP versions prior to 1.14.0 that stems from a CSS selector expression that is not properly encoded, which could lead to a cross-site scripting attack...

CVSS 5.3 · AI score 5.8 · EPSS 0.00382
Exploits 0 · References 5
Veracode
added 2025/05/29 12:52 p.m. · 7 views

Cross-site Scripting (XSS)

chrome-php/chrome is vulnerable to cross-site scripting XSS. The vulnerability is due to improper encoding due to CSS Selector expressions not being properly escaped, allowing injection of malicious scripts...

AI score 6.7
Exploits 0
SUSE Linux
added 2025/05/29 12:38 p.m. · 1 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. CVE-2025-31204: improper memory handling when processing certain web content m...

CVSS 8.8 · AI score 8.2 · EPSS 0.01198
Exploits 0 · References 36
OSV
added 2025/05/29 12:37 p.m. · 1 views

SUSE-SU-2025:01746-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. - CVE-2025-31204: improper memory handling when processing certain web conte...

CVSS 8.8 · AI score 6.9 · EPSS 0.01198
Exploits 0 · References 19
Snyk
added 2025/05/28 4:6 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: chrome-php/chrome is an Instrument headless chrome/chromium instances from PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper encoding in CssSelector. An attacker can inject malicious scripts by crafting malicious CSS Selector expressions...

CVSS 6.1 · AI score 5.3 · EPSS 0.00382
Exploits 0 · References 2
Github Security Blog
added 2025/05/28 4:6 p.m. · 14 views

Chrome PHP is missing encoding in `CssSelector`

Impact: CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. Patches: This is patched in v1.14.0. Workarounds: Users can apply encoding manually to their selectors, if they are unable to upgrade...

CVSS 5.3 · AI score 6.1 · EPSS 0.00382
Exploits 0 · References 5 · Affected Software 1
SUSE Linux
added 2025/05/28 11:10 a.m. · 2 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. CVE-2025-31204: improper memory handling when processing certain web content m...

CVSS 8.8 · AI score 8.1 · EPSS 0.01028
Exploits 0 · References 32
Positive Technologies
added 2025/05/28 12:0 a.m. · 3 views

PT-2025-23223 · Unknown · Chrome Php

Name of the Vulnerable Software and Affected Versions: Chrome PHP versions prior to 1.14.0 Description: The issue arises from CSS Selector expressions not being properly encoded, leading to potential cross-site scripting XSS vulnerabilities. There is no information provided about the estimated...

CVSS 5.3 · AI score 5.5 · EPSS 0.00382
Exploits 0 · References 9
OSV
added 2025/05/27 1:54 p.m. · 1 views

SUSE-SU-2025:01720-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. - CVE-2025-31204: improper memory handling when processing certain web conte...

CVSS 8.8 · AI score 7.1 · EPSS 0.01028
Exploits 0 · References 17