Lucene search
K

18 matches found

OSV
OSV
added 2026/06/15 8:17 p.m.20 views

MAL-2026-5837 Malicious code in postcss-minify-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1bc7341d6762a6209e4bde3d99f31f1a8650b6971e64a19547b9f35e7a51abb3 Package is published as postcss-minify-selector singular but its internal postcss plugin identifier is postcss-minify-selectors plural — the canonica...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/06/13 7:17 a.m.33 views

MAL-2026-5737 Malicious code in postcss-minify-selector-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...

6AI score
Exploits0References10
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 7:17 a.m.47 views

Malicious code in postcss-minify-selector-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 957f5cbb74f4dd4b4770e8c9cc1a8aac88a4450cb01dbc0fa5242c42e343f54c The package name impersonates the widely-used postcss-selector-parser library which it also declares as a dependency and re-exports verbatim from...

6AI score
Exploits0References10
vulnersOsv
vulnersOsv
added 2026/05/24 7:39 a.m.6 views

org.webjars.npm:coreui__coreui (=4.2.1), org.webjars.npm:css-loader (>=2.1.0 <=6.7.2) +19 more potentially affected by CVE-2026-9358 via org.webjars.npm:postcss-selector-parser (>=4.0.0-rc.1 <=7.1.0)

org.webjars.npm:postcss-selector-parser MAVEN version =4.0.0-rc.1, =2.1.0, =3.1.0, =7.0.1, =4.0.2, =2.0.6, =2.1.0, =4.1.2, =6.2.0 and more Source cves: CVE-2026-9358 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16873883...

5.3CVSS5.4AI score0.00325EPSS
Exploits0
Snyk
Snyk
added 2026/05/24 7:39 a.m.16 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

6.9CVSS5.8AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/24 7:39 a.m.25 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

6.9CVSS4.9AI score0.00325EPSS
Exploits0References2
OSV
OSV
added 2026/05/24 6:16 a.m.5 views

UBUNTU-CVE-2026-9358

A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The...

5.3CVSS5.3AI score0.00325EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2023-0554

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00644EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2023/05/10 11:13 a.m.58 views

USN-6065-1: css-what vulnerabilities

It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-33587, CVE-2022-21222...

7.5CVSS7.4AI score0.02267EPSS
Exploits1
OSV
OSV
added 2023/01/03 6:30 p.m.2 views

GHSA-V63Q-HGQC-QVPG MooTools Regular Expression Denial of Service

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5CVSS7.1AI score0.00644EPSS
Exploits1References3
OSV
OSV
added 2023/01/03 5:15 p.m.2 views

DEBIAN-CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5CVSS7.3AI score0.00644EPSS
Exploits1References1
OSV
OSV
added 2023/01/03 5:15 p.m.4 views

UBUNTU-CVE-2021-32821

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

7.5CVSS7.1AI score0.00644EPSS
Exploits1References3
CVE
CVE
added 2023/01/03 12:0 a.m.77 views

CVE-2021-32821

CVE-2021-32821 affects MooTools (JavaScript utilities). The issue is a vulnerability in MooTools’ CSS selector parser, where a crafted CSS selector can trigger a Regular Expression Denial of Service (ReDoS) at runtime. Exploitation requires injecting a string into a selector (e.g., via runtime qu...

7.5CVSS6.6AI score0.00644EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.7 views

mootools 资源管理错误漏洞

mootools is a library for web development with OOP support. A resource management error vulnerability exists in mootools, which stems from a CSS selector parser that includes a vulnerability to Regular Expression Denial of Service ReDoS attacks, which can be exploited to inject strings into CSS...

7.5CVSS7.3AI score0.00644EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/01/03 12:0 a.m.4 views

PT-2023-12174 · Mootools +1 · Mootools +1

Name of the Vulnerable Software and Affected Versions: MooTools versions all known versions Description: The issue concerns a CSS selector parser in MooTools that is vulnerable to Regular Expression Denial of Service ReDoS. An attack can occur if an attacker can inject a string into a CSS selecto...

7.5CVSS7.2AI score0.00644EPSS
Exploits1References15
Cvelist
Cvelist
added 2023/01/03 12:0 a.m.33 views

CVE-2021-32821 Regular expression Denial of Service in MooTools

MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service ReDoS. An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite...

6.2CVSS7.6AI score0.00644EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/01 12:0 a.m.7 views

Unspecified vulnerability in css-what

css-what is a CSS selector parser. A security vulnerability exists in css-what versions prior to 5.0.1, which stems from the fact that the css-what package does not ensure that property parsing has linear time complexity with respect to input size. No details of the vulnerability are available at...

7.5CVSS6.5AI score0.02267EPSS
Exploits0References1
CNVD
CNVD
added 2017/06/09 12:0 a.m.3 views

libcroco Denial of Service Vulnerability (CNVD-2017-11760)

libcroco is a CSS2 parsing library. A security vulnerability exists in the 'crparserparseselectorcore' function of the cr-parser.c file in libcroco version 0.6.12. A remote attacker can exploit this vulnerability to cause a denial of service infinite loop and CPU consumption with the help of a...

7.1CVSS6.8AI score0.12996EPSS
Exploits4References1
Rows per page
Query Builder