apollo-rs 安全漏洞

apollo-rs is an Apollo GraphQL open source compliant GraphQL tool in Rust. A security vulnerability exists in versions of apollo-rs prior to 1.27.0 that stems from improper handling of deeply nested fragments, which could lead to a denial of service...

CLSA-2025-1743763948 libxslt: Fix of CVE-2025-24855

CVE-2025-24855: fix use-after-free issue in numbers.c by restoring XPath context node in nested XPath evaluations...

CVE-2025-3197

Versions of the package expand-object from 0.0.0 are vulnerable to Prototype Pollution in the expand function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like proto...

PT-2025-18395

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc3 Description A vulnerability in the Linux kernel has been resolved, specifically in the KVM Kernel-based Virtual Machine module. The issue arises when the vCPU is in L2 with INIT and a TRIPLE FAULT...

com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...

com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError

A nested data handling flaw was found in Jackson Core. When parsing particularly deeply nested data structures, a StackoverflowError can occur...

libxslt: Use-After-Free in libxslt numbers.c

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-24839 DESCRIPTION: Sparkle Motion Nokogiri is vulnerable to a denial of...

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.

...

CVE-2025-0718

The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CBL Mariner 2.0 Security Update: libxslt (CVE-2025-24855)

The version of libxslt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24855 advisory. - numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath...

libxslt: Use-After-Free in libxslt numbers.c

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored...

WordPress Nested Pages plugin < 3.2.13 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Dmitrii ignatyev in WordPress Plugin Nested Pages versions 3.2.13...

CVE-2025-0718

The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-0718

The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-0718 Nested Pages < 3.2.13 - Contributor+ Stored XSS

The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-0718 Nested Pages < 3.2.13 - Contributor+ Stored XSS

The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-0718

CVE-2025-0718 affects the Nested Pages WordPress plugin up to 3.2.12 (vulnerability would be present before 3.2.13). It permits Stored XSS via unsanitised/unstable configuration settings, potentially abused by high-privilege users (e.g., contributors), even when unfiltered_html is disallowed. Roo...

WordPress plugin Nested Pages 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

OESA-2025-1296 libxslt security update

Libxslt is the XSLT C library developed for the GNOME project Security Fixes: xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue related to exclusion of result prefixes.CVE-2024-55549 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath...