12 matches found
CVE-2026-47344
When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...
CVE-2026-42304
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-9673
Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...
Forcepoint One Endpoint macOS 25.08.5008 DLP Bypass
Forcepoint One Endpoint DLP Endpoint for macOS version 25.08.5008 with DLP Policy Engine version 10.2.0.298 allows a local standard non-admin user to bypass DLP content inspection and policy enforcement by sending SIGSTOP to user-owned browser helper processes Websense Endpoint Helper,...
PT-2026-5483
Name of the Vulnerable Software and Affected Versions: 10-Strike Bandwidth Monitor version 3.9. Description: The software contains a buffer overflow issue that allows attackers to bypass SafeSEH, ASLR, and DEP protections. Exploitation occurs through crafted input sent to the application’s...
CVE-2022-1663
The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the JavaScript access token for preventing abuse of the comment section, allowing threat actors to easily collect the value and add it to the request...
CVE-2022-1614
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions...
Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Username Enumeration Prevention Bypass security vulnerability. Wordfence blocks: http://www.example.com/?author=1 But allowed: http://www.example.com/?author=1...
Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Username Enumeration Prevention Bypass security vulnerability. PoC: Wordfence blocks: http://www.example.com/?author=1 But allowed: http://www.example.com/?author=1...
CVE-2015-8954
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request...
UBUNTU-CVE-2015-8954
The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request...
Audiotran 1.4.2.4 - Local Overflow (SEH) (DEP Bypass)
Audiotran 1.4.2.4 - Local Overflow (SEH) (DEP Bypass). Exploit Title: Audiotran 1.4.2.4 SEH Overflow Exploit DEP Bypass. Date: 09/20/10. Credit/Bug found by: Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom. Author: Muhamad Fadzil Ramli - mind1355 at gmail dot com. Software Link:...