12 matches found

ATTACKERKB
added 2026/06/08 7:3 p.m., 6 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

CVSS 2.1, AI score 5.2, EPSS 0.00282
Exploits: 0, References: 3
RedhatCVE
added 2026/06/05 7:17 p.m., 10 views

CVE-2026-42304

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

CVSS 7.5, AI score 5.4, EPSS 0.00433
Exploits: 1, References: 1
Cvelist
added 2026/05/28 5:0 a.m., 38 views

CVE-2026-9673

Versions of the package json-2-csv from 3.15.0 and before 5.5.11 are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas into CSV files, which execute when the files are opened in spreadsheet applications...

CVSS 7, EPSS 0.00166
Exploits: 0, References: 5
Packet Storm
added 2026/03/30 12:0 a.m., 134 views

Forcepoint One Endpoint macOS 25.08.5008 DLP Bypass

Forcepoint One Endpoint DLP Endpoint for macOS version 25.08.5008 with DLP Policy Engine version 10.2.0.298 allows a local standard (non-admin) user to bypass DLP content inspection and policy enforcement by sending SIGSTOP to user-owned browser helper processes Websense Endpoint Helper,...

CVSS 6.5, AI score 6.6, EPSS 0.00952
Exploits: 1
Positive Technologies
added 2026/01/30 12:0 a.m., 7 views

PT-2026-5483

Name of the Vulnerable Software and Affected Versions: 10-Strike Bandwidth Monitor version 3.9. Description: The software contains a buffer overflow issue that allows attackers to bypass SafeSEH, ASLR, and DEP protections. Exploitation occurs through crafted input sent to the application’s...

CVSS 9.8, AI score 6.7, EPSS 0.00709
Exploits: 0, References: 5
RedhatCVE
added 2025/05/22 11:31 p.m., 3 views

CVE-2022-1663

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the JavaScript access token for preventing abuse of the comment section, allowing threat authors to easily collect the value and add it to the request...

CVSS 6.5, AI score 6.8, EPSS 0.00546
Exploits: 2, References: 1
ATTACKERKB
added 2022/06/20 11:15 a.m., 4 views

CVE-2022-1614

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions...

CVSS 7.5, AI score 7.1, EPSS 0.01105
Exploits: 2, References: 2
wpexploit
added 2018/10/02 12:0 a.m., 76 views

Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Username Enumeration Prevention Bypass security vulnerability. Wordfence blocks: http://www.example.com/?author=1 But allowed: http://www.example.com/?author=1...

AI score 0.9
Exploits: 0, References: 2
WPVulnDB
added 2018/10/02 12:0 a.m., 9 views

Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a Username Enumeration Prevention Bypass security vulnerability. PoC: Wordfence blocks: http://www.example.com/?author=1 But allowed: http://www.example.com/?author=1...

AI score 0.8
Exploits: 0, References: 2, Affected Software: 1
UbuntuCve
added 2017/03/20 4:59 p.m., 18 views

CVE-2015-8954

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request...

CVSS 9.8, AI score 7.3, EPSS 0.03258
Exploits: 0, References: 2
OSV
added 2017/03/20 4:59 p.m., 4 views

UBUNTU-CVE-2015-8954

The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request...

CVSS 9.8, AI score 7.3, EPSS 0.03258
Exploits: 0, References: 3
exploitpack
added 2010/09/19 12:0 a.m., 11 views

Audiotran 1.4.2.4 - Local Overflow (SEH) (DEP Bypass)

Audiotran 1.4.2.4 - Local Overflow SEH DEP Bypass. Exploit Title: Audiotran 1.4.2.4 SEH Overflow Exploit DEP Bypass; Date: 09/20/10; Credit/Bug found by: Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom; Author: Muhamad Fadzil Ramli - mind1355 at gmail dot com; Software Link:...

AI score 0.5
Exploits: 0