GHSA-P9WX-2529-FP83 Marked allows Regular Expression Denial of Service (ReDoS) attacks

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

DEBIAN-CVE-2018-25110

Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service ReDoS attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability by providing specially crafted markdown...

CVE-2025-24579

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Nested Pages wp-nested-pages allows Stored XSS.This issue affects Nested Pages: from n/a through = 3.2.9...

CVE-2024-6611

A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...

CVE-2024-36577

apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...

CVE-2024-35189

Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data e.g. passwords, private keys, etc.. These secrets are stored encrypted at rest in the...

CVE-2024-51831

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aboutorab Pourhaghani Persian Nested Show/Hide Text persian-nested-showhide-text allows Stored XSS.This issue affects Persian Nested Show/Hide Text: from n/a through = 1.5...

CVE-2023-38502

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue...

CVE-2023-22898

workers/extractor.py in Pandora aka pandora-analysis/pandora 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive aka ZIP bomb...

CVE-2022-34182

Jenkins Nested View Plugin 1.20 through 1.25 both inclusive does not escape search parameters, resulting in a reflected cross-site scripting XSS vulnerability...

CVE-2022-1990

The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...

CVE-2021-27889

Cross-site Scripting XSS vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages...

CVE-2021-21680

Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML external entity XXE attacks...

CVE-2020-1898

The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....

CVE-2020-36190

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVE-2013-2583

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via 1 a javascript: URL, 2 malformed nested...

CVE-2019-11391

An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service ReDOS by entering a specially crafted string with $a at the beginning and nested repetition operators. NOTE: the softwa...

CVE-2009-5073

IBM Tivoli Directory Server TDS 6.0 before 6.0.0.59 aka 6.0.0.8-TIV-ITDS-IF0001 allows remote authenticated users to cause a denial of service infinite loop and daemon hang by adding a nested group that contains the Distinguished Name DN of its parent entry...

CVE-2025-37915 net_sched: drr: Fix double list add in class with netem as child qdisc

In the Linux kernel, the following vulnerability has been resolved: netsched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr,...

Stack Based Buffer Overflow

MaterialX is vulnerable to stack-based buffer overflow. The vulnerability is due to the lack of a limit on nested file import recursion, which allows an attacker to craft deeply chained MaterialX file imports leading to a crash of the process...