97 matches found
CVE-2026-26067
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
CVE-2026-26067 October: Safe Mode Bypass via CSS Preprocessor Compilers
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
PT-2026-34002
October is a Content Management System CMS and web platform. Prior to 3.7.14 and 4.1.10, a server-side information disclosure vulnerability was identified in the handling of CSS preprocessor files. Backend users with Editor permissions could craft .less, .sass, or .scss files that leverage the...
CVE-2020-7601
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options...
Reflected Cross-Site Scripting (XSS)
NiceGUI is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to improper sanitization or encoding in the ui.addcss, ui.addscss, and ui.addsass functions, which allows an attacker to inject closing tags and execute arbitrary JavaScript...
CVE-2025-66469
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
CVE-2025-66469 NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.addcss, ui.addscss, and ui.addsass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended or...
CVE-2025-66469
CVE-2025-66469 is a reported Reflected XSS in NiceGUI (Python UI framework). The vulnerability affects versions 3.3.1 and earlier and stems from insufficient sanitization/escaping in the functions ui.add_css, ui.add_scss, and ui.add_sass, which generate JavaScript contexts that can be broken out ...
GHSA-72QC-WXCH-74MG NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
Summary A Cross-Site Scripting XSS vulnerability exists in ui.addcss, ui.addscss, and ui.addsass functions in NiceGUI v3.3.1 and earlier. These functions allow developers to inject styles dynamically. However, they lack proper sanitization or encoding for the JavaScript context they generate. An...
EUVD-2021-1073
Malware in sbrugna...
EUVD-2025-31260
Malicious code in bioql PyPI...
EUVD-2022-6284
Malicious code in bioql PyPI...
EUVD-2025-12087
Malicious code in bioql PyPI...
EUVD-2025-31259
Malicious code in bioql PyPI...
EUVD-2024-46785
Malicious code in bioql PyPI...
EUVD-2025-9219
Malicious code in bioql PyPI...
CVE-2025-60144
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in yonifre Lenix scss compiler lenix-scss-compiler allows Stored XSS.This issue affects Lenix scss compiler: from n/a through = 1.2...
WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nabil Irawan in WordPress Plugin Lenix scss compiler versions = 1.2...
WordPress Lenix scss compiler Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Lenix scss compiler versions = 1.2...