750 matches found
JLSEC-2026-508
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthesescope in prelexer.hpp...
JLSEC-2026-505
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operatorSass::BinaryExpression in eval.cpp...
JLSEC-2026-506
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in astselweave.cpp...
JLSEC-2026-503
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operatorSass::SupportsOperator in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file...
JLSEC-2026-507
LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parserselectors.cpp...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the handling of CSS preprocessor files. An attacker can access arbitrary files from the server by leveraging the import functionality in .less, .sass, or .scss files, even when cms.safemode is enabled. This is...
CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers
October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
PT-2026-34002
October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
Malicious code in @appleseed-apple/ac-sass-kit (npm)
Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404. The package @appleseed-apple/ac-sass-kit was found to contain malicious code...
MAL-2026-2709 Malicious code in @appleseed-apple/ac-sass-kit (npm)
Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404. The package @appleseed-apple/ac-sass-kit was found to contain malicious code...
Azure Linux 3.0 Security Update: libsass (CVE-2022-43358)
The version of libsass installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-43358 advisory. - Stack overflow vulnerability in astselectors.cpp: in function Sass::ComplexSelector::hasplaceholder in...
Reflected Cross-Site Scripting (XSS)
NiceGUI is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization or encoding in the ui.add_css, ui.add_scss, and ui.add_sass functions, which allows an attacker to inject closing tags and execute arbitrary JavaScript...
CVE-2025-66469
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
CVE-2025-66469
CVE-2025-66469 is a reported Reflected XSS in NiceGUI (Python UI framework). The vulnerability affects versions 3.3.1 and earlier and stems from insufficient sanitization/escaping in the functions ui.add_css, ui.add_scss, and ui.add_sass, which generate JavaScript contexts that can be broken out ...
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
GHSA-72QC-WXCH-74MG NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Summary: A Cross-Site Scripting (XSS) vulnerability exists in ui.add_css, ui.add_scss, and ui.add_sass functions in NiceGUI v3.3.1 and earlier. These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An...
EUVD-2025-179790
Malicious code in chakra-ui-standard-nuxtjs-sass-loader (npm)...
EUVD-2025-177563
Malicious code in node-sass-luna-ora-terser-webpack-plugin (npm)...
EUVD-2025-179515
Malicious code in cressida-cybernetics-rollup-plugin-node-sass (npm)...