
3997 matches found

RedhatCVE
added 2025/02/05 6:32 a.m., 8 views

CVE-2024-5943

The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing sanitization of the 'tab' parameter. This makes it possible for...

8.8 CVSS, 6.4 AI score, 0.00389 EPSS
Exploits 0, References 1

OSV
added 2025/02/03 6:15 p.m., 1 views

UBUNTU-CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...

7.2 CVSS, 7.3 AI score, 0.001 EPSS
Exploits 0, References 8

BDU FSTEC
added 2025/02/03 12:0 a.m., 1 views

The vulnerability of the sqlparse.parse() function in the SQL parser module for Python, Sqlparse, allows a hacker to cause a service failure.

The vulnerability of the sqlparse.parse function in the SQL parser module for Python, Sqlparse, is related to an uncontrolled recursion during the processing of deeply nested lists. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8 CVSS, 7.3 AI score, 0.10881 EPSS
Exploits 0, References 10, Affected Software 12

RedHat Linux
added 2025/01/28 7:20 p.m., 3 views

django: Potential denial-of-service in django.utils.html.strip_tags()

A vulnerability was found in the Django Web Framework. The striptags and stripbtags template filter may be vulnerable to a potential denial of service (DoS) in cases of a large sequence of nested incomplete HTML entities...

7.5 CVSS, 7 AI score, 0.01038 EPSS
Exploits 0, References 5

NVD
added 2025/01/24 6:15 p.m., 4 views

CVE-2025-24579

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages wp-nested-pages allows Stored XSS. This issue affects Nested Pages: from n/a through <= 3.2.9...

5.9 CVSS, 0.00328 EPSS
Exploits 0, References 1

Cvelist
added 2025/01/24 5:24 p.m., 13 views

CVE-2025-24579 WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages wp-nested-pages allows Stored XSS. This issue affects Nested Pages: from n/a through <= 3.2.9...

5.9 CVSS, 0.00328 EPSS
Exploits 0, References 1

CVE
added 2025/01/24 5:24 p.m., 41 views

CVE-2025-24579

CVE-2025-24579: Stored XSS in WordPress Nested Pages plugin (versions

5.9 CVSS, 7.2 AI score, 0.00328 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/01/24 5:24 p.m., 7 views

CVE-2025-24579 WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle Phillips Nested Pages wp-nested-pages allows Stored XSS. This issue affects Nested Pages: from n/a through <= 3.2.9...

5.9 CVSS, 7.2 AI score, 0.00328 EPSS
Exploits 0, References 1

Patchstack
added 2025/01/24 11:47 a.m., 2 views

WordPress Nested pages plugin <= 3.2.9 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by UKO in WordPress Plugin Nested Pages versions <= 3.2.9...

5.9 CVSS, 6.1 AI score, 0.00328 EPSS
Exploits 0, Affected Software 1

CNNVD
added 2025/01/24 12:0 a.m., 2 views

WordPress plugin Nested Pages cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

5.9 CVSS, 8 AI score, 0.00328 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/01/24 12:0 a.m., 2 views

PT-2025-5419 · Unknown · Nested Pages

Name of the Vulnerable Software and Affected Versions: Nested Pages versions 3.2.9 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

5.9 CVSS, 6.6 AI score, 0.00328 EPSS
Exploits 0, References 3

Veracode
added 2025/01/22 5:17 a.m., 9 views

Search Injection

Mongoose is vulnerable to Search Injection. The vulnerability is due to improper handling of a nested $where filter with a populate match, which can be exploited for search injection attacks...

9.8 CVSS, 6.9 AI score, 0.71855 EPSS
Exploits 1, References 10, Affected Software 1

OSV
added 2025/01/19 12:15 p.m., 1 views

DEBIAN-CVE-2024-57916

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling. Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with handle_nested_irq...

5.5 CVSS, 5.7 AI score, 0.0003 EPSS
Exploits 0, References 1

OSV
added 2025/01/19 12:15 p.m., 0 views

UBUNTU-CVE-2024-57916

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling. Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with handle_nested_irq...

5.5 CVSS, 6.2 AI score, 0.0003 EPSS
Exploits 0, References 23

Vulnrichment
added 2025/01/19 11:52 a.m., 1 views

CVE-2024-57916 misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling. Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with handle_nested_irq...

6.1 AI score, 0.0003 EPSS
Exploits 0, References 4

NVD
added 2025/01/15 5:15 a.m., 14 views

CVE-2025-23061

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...

9.8 CVSS, 0.71855 EPSS
Exploits 1, References 4

OSV
added 2025/01/15 5:15 a.m., 19 views

CVE-2025-23061

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...

9.8 CVSS, 7.6 AI score
Exploits 0, References 4

CNNVD
added 2025/01/15 12:0 a.m., 1 views

Mongoose code injection vulnerability

Mongoose is an open source MongoDB object modeling tool from Automattic, designed to work in an asynchronous environment. A code injection vulnerability exists in Mongoose versions prior to 8.9.5 that stems from incorrect use of nested filters and populate matches, resulting in search injection...

9.8 CVSS, 8.9 AI score, 0.71855 EPSS
Exploits 1, References 1

EUVD
added 2025/01/15 12:0 a.m., 6 views

EUVD-2025-0106

Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900...

9.1 CVSS, 9.6 AI score, 0.71855 EPSS
Exploits 3, References 12

Positive Technologies
added 2025/01/13 12:0 a.m., 2 views

PT-2025-4804

Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 8.9.5; Mongoose versions prior to 7.8.4; Mongoose versions prior to 6.13.6. Description: Mongoose is susceptible to a search injection issue due to the improper handling of nested $where filters when used with populate...

9.8 CVSS, 9.1 AI score, 0.71855 EPSS
Exploits 3, References 38