40348 matches found
CVE-2020-37056
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
CVE-2020-37056 Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
CVE-2020-37056
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
CVE-2020-37056 Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP values across X-Forwarded-For, X-Client-IP, and X-Real-IP headers to circumvent security checks and...
http-protection security vulnerabilities
http-protection is a network attack protection library developed by Rogério Zambon. Version 0.2.0 of http-protection contains security vulnerabilities; these vulnerabilities stem from IP spoofing, which may allow attackers to bypass the protected middleware and gain unauthorized access...
WordPress Plugin WP Directory Kit Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP Directory Kit has an information disclosure vulnerability, the vulnerabilit...
PT-2026-5492
Name of the Vulnerable Software and Affected Versions Crystal Shard http-protection version 0.2.0 Description The software contains an IP spoofing issue that allows attackers to bypass protection middleware. This is achieved by manipulating request headers to hardcode consistent IP values across...
CVE-2025-13918
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are...
CVE-2025-13919
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
Meta confirms it’s working on premium subscription for its apps
Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch. But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, th...
New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data
Generative AI and agentic AI are redefining how organizations innovate and operate, unlocking new levels of productivity, creativity and collaboration across industry teams. From accelerating content creation to streamlining workflows, AI offers transformative benefits that empower organizations ...
CVE-2026-23568
An out-of-bounds read vulnerability in the TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked...
ROS-20260129-73-0068
Vulnerability in firefox related to a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...
CVE-2020-36939
Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache...
CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
CVE-2025-68662 FinalDestination hostname matching allows SSRF protection bypass
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and...
CVE-2025-13918
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are...
CVE-2025-13919
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...
CVE-2025-13919
The CVE-2025-13919 entry concerns Symantec Endpoint Protection Client vulnerabilities, specifically a COM Hijacking issue in Windows where references in the COM registry can be hijacked to establish persistence and evade detection. Affected software is SEP Client versions prior to 14.3 RU10 Patch...
CVE-2025-13919 Component Object Model (COM) Hijacking in Symantec Endpoint Protection Windows Client
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type of issue whereby an attacker attempts to establish persistence and evade detection by hijacking COM references in the Windows Registry...