CVE-2026-7595 | nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0 Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection (Issue 246)

A vulnerability was found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. It has been classified as critical. Affected by this vulnerability is the function _format_plugins of the file .claude/skills/ui-styling/scripts/tailwind_config_gen.py of the component Tailwind Config Generator. This manipulation causes code injection.

This vulnerability is tracked as CVE-2026-7595. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The project was informed of the problem early through a pull request but has not reacted yet.

CVE-2026-7595 | nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0 Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection (Issue 246)

Post correlati

CVE-2024-29737 | Apache StreamPark up to 2.1.3 Project Module command injection

CVE-2025-5880 | Whistle 2.9.98 get-temp-file filename path traversal

CVE-2024-50381 | Snap One OvrC Cloud up to 7.2 MAC Address missing authentication (icsa-23-136-01)

CVE-2023-38295 | TCL 30Z/10 access control