Lucene search

3992 matches found

RedhatCVE
added 2025/05/23 4:8 a.m., 4 views

CVE-2023-38502

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

CVSS 6.5, AI score 6.9, EPSS 0.00259
Exploits: 0

RedhatCVE
added 2025/05/23 3:16 a.m., 2 views

CVE-2023-22898

workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb)...

CVSS 6.5, AI score 6.8, EPSS 0.00195
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 11:13 p.m., 2 views

CVE-2022-34182

Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability...

CVSS 6.1, AI score 6, EPSS 0.08723
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:19 p.m., 6 views

CVE-2022-1990

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed...

CVSS 4.8, AI score 5.8, EPSS 0.00338
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 7:32 p.m., 12 views

CVE-2021-27889

Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

CVSS 6.1, AI score 6, EPSS 0.00962
Exploits: 9, References: 1

RedhatCVE
added 2025/05/22 7:11 p.m., 5 views

CVE-2021-21680

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity (XXE) attacks...

CVSS 7.1, AI score 6.7, EPSS 0.00168
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 5:40 p.m., 6 views

CVE-2020-1898

The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....

CVSS 7.5, AI score 6.8, EPSS 0.00835
Exploits: 0

RedhatCVE
added 2025/05/22 3:32 p.m., 5 views

CVE-2020-36190

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVSS 6.1, AI score 5.8, EPSS 0.00307
Exploits: 1

RedhatCVE
added 2025/05/22 11:14 a.m., 6 views

CVE-2013-2583

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested...

CVSS 4.3, AI score 6, EPSS 0.00225
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:14 a.m., 7 views

CVE-2019-11391

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...

CVSS 5.3, AI score 6.8, EPSS 0.00413
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 12:7 a.m., 5 views

CVE-2009-5073

IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its parent entry...

CVSS 4, AI score 6.4, EPSS 0.00358
Exploits: 0, References: 1

OSV
added 2025/05/20 3:21 p.m., 12 views

CVE-2025-37915 net_sched: drr: Fix double list add in class with netem as child qdisc

In the Linux kernel, the following vulnerability has been resolved: net_sched: drr: Fix double list add in class with netem as child qdisc. As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr,...

CVSS 7, AI score 6.5, EPSS 0.00087
Exploits: 0, References: 13

Veracode
added 2025/05/20 6:33 a.m., 2 views

Stack Based Buffer Overflow

MaterialX is vulnerable to stack-based buffer overflow. The vulnerability is due to the lack of a limit on nested file import recursion, which allows an attacker to craft deeply chained MaterialX file imports leading to a crash of the process...

CVSS 7.5, AI score 7.2, EPSS 0.00845
Exploits: 1, References: 6, Affected Software: 1

RedhatCVE
added 2025/05/17 9:1 p.m., 5 views

CVE-2024-8759

The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8, AI score 5.7, EPSS 0.00166
Exploits: 1, References: 1

SUSE CVE
added 2025/05/16 2:54 a.m., 1 views

SUSE CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

CVSS 8.1, AI score 7.1, EPSS 0.00422
Exploits: 0, References: 8

NVD
added 2025/05/15 8:15 p.m., 5 views

CVE-2024-8759

The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8, EPSS 0.00166
Exploits: 1, References: 1

OSV
added 2025/05/15 8:15 p.m., 1 views

CVE-2024-8759

The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8, AI score 5.8, EPSS 0.00166
Exploits: 1, References: 1

CVE
added 2025/05/15 8:7 p.m., 26 views

CVE-2024-8759

CVE-2024-8759 affects the WordPress Nested Pages plugin (versions prior to 3.2.9). The issue arises from insufficient sanitisation and escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). The root ...

CVSS 4.8, AI score 5.7, EPSS 0.00166
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2025/05/15 8:7 p.m., 7 views

CVE-2024-8759 Nested Pages <= 3.2.8 - Editor+ Stored XSS

The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

AI score 5.8, EPSS 0.00166
Exploits: 1, References: 1

Cvelist
added 2025/05/15 8:7 p.m., 10 views

CVE-2024-8759 Nested Pages <= 3.2.8 - Editor+ Stored XSS

The Nested Pages WordPress plugin before 3.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

EPSS 0.00166
Exploits: 1, References: 1