758 matches found
CVE-2026-14651
A flaw was found in grass, a Sass compiler. This vulnerability allows a local attacker to cause a Denial of Service DoS by manipulating specific functions within the compiler, such as grasscompiler::selector::extend or grasscompiler::evaluate::visitor. This can lead to the compiler becoming...
Malicious code in sass-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb75afd7831272c042cd125165c2af78dff7be9be44f5a9df12382dda56934a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
Malicious code in sass-formats (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...
Malicious Package
Overview sass-formats is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview sass-format is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
MAL-2026-5629 Malicious code in sass-formats (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ccda832d10cb642350129278ae1fc341d3be8b8302ddbf9bdcfc15eeeb6eae8 The package name sass-formats is one character-edit away from the popular sass-formatter package and reuses its original author field "author": "Syle...
MAL-2026-5628 Malicious code in sass-format (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfb75afd7831272c042cd125165c2af78dff7be9be44f5a9df12382dda56934a The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
JLSEC-2026-503
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operatorSass::SupportsOperator in eval.cpp may cause a Denial of Service application crash via a crafted sass input file...
JLSEC-2026-508
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthesescope in prelexer.hpp...
JLSEC-2026-506
LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in astselweave.cpp...
JLSEC-2026-505
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operatorSass::BinaryExpression in eval.cpp...
JLSEC-2026-507
LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parserselectors.cpp...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handling of CSS preprocessor files. An attacker can access arbitrary files from the server by leveraging the import functionality in .less, .sass, or .scss files, even when cms.safemode is enabled. This is...
CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
PT-2026-34002
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
Malicious code in @appleseed-apple/ac-sass-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404 The package @appleseed-apple/ac-sass-kit was found to contain malicious code...
MAL-2026-2709 Malicious code in @appleseed-apple/ac-sass-kit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c09c442c9bf5d1d38099a4ea05b85daf5b071a2d9e6e87dc72d030ecd4ca5404 The package @appleseed-apple/ac-sass-kit was found to contain malicious code...
Azure Linux 3.0 Security Update: libsass (CVE-2022-43358)
The version of libsass installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-43358 advisory. - Stack overflow vulnerability in astselectors.cpp: in function Sass::ComplexSelector::hasplaceholder in...
Reflected Cross-Site Scripting (XSS)
NiceGUI is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper sanitization or encoding in the ui.addcss, ui.addscss, and ui.addsass functions, which allows an attacker to inject closing tags and execute arbitrary JavaScript...
CVE-2025-66469
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...