PT-2025-21535 · WordPress · Nested Pages

Name of the Vulnerable Software and Affected Versions: Nested Pages WordPress plugin versions prior to 3.2.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...

WordPress plugin Nested Pages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

DEBIAN-CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

UBUNTU-CVE-2025-3909

Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...

libxslt: Use-After-Free in libxslt numbers.c

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...

go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion

A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

PT-2025-29005

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc5-syzkaller-00038-g707df3375124 Description: A warning was triggered in the get bpf raw tp regs function due to a potential issue with nested calls in tracepoints like trace mmap lock acquire returned...

CLSA-2025-1746792031 golang: Fix of 2 CVEs

CVE-2024-34156: prevent prevents stack exhaustion when attempting to decode a message that contains an extremely deeply nested struct - CVE-2023-45287: replace big.Int for encryption and decryption...

SUSE CVE-2025-37815

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler associated with the generated IRQ. This is done by acquiring the spinlock and storing the current...

PT-2025-23157

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns unsafe attribute parsing in the output userspace function of the openvswitch module in the Linux kernel. A patch has been applied to replace manual Netlink attribute...

libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

snakeyaml: Denial of Service due to missing nested depth limitation for collections

A flaw was found in the org.yaml.snakeyaml package. This flaw allows an attacker to cause a denial of service DoS due to missing nested depth limitation for collections...

CLSA-2025-1746188001 expat: Fix of CVE-2024-8176

CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...

CLSA-2025-1746187509 expat: Fix of CVE-2024-8176

CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...

CLSA-2025-1746187414 expat: Fix of CVE-2024-8176

CVE-2024-8176: fix stack overflow vulnerability when parsing deeply nested entity references...

SUSE CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

DEBIAN-CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

UBUNTU-CVE-2025-37789

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set action It's not safe to access nlalenovskey if the data is smaller than the netlink header. Check that the attribute is OK first...

UBUNTU-CVE-2025-23141

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVMGETMPSTATE to protect guest memory accesses Acquire a lock on kvm-srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending IN...