EUVD-2026-10332
Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...
CVE-2026-27023
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass...
CVE-2026-27023 Twenty: SSRF protection bypass via HTTP redirect following in secure HTTP client
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass...
EUVD-2026-9845
Twenty is an open source CRM. Prior to version 1.18, the SSRF protection in SecureHttpClientService validated request URLs at the request level but did not validate redirect targets. An authenticated user who could control outbound request URLs (e.g., webhook endpoints, image URLs) could bypass...
Devolutions Server security vulnerabilities
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.12 contained a security vulnerability caused by improper authorization in...
WordPress plugin Login Lockdown & Protection security feature issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security feature issue...
EUVD-2013-6960
Malware in sbrugna...
EUVD-2020-18850
Malware in sbrugna...
CVE-2002-2337
Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets...
CVE-2024-13405 Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block
The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awpipdeny' page. This makes it possible for unauthenticated attackers to block IP addresses via a...
PT-2025-6816 · WordPress · Media Library Folders
Name of the Vulnerable Software and Affected Versions: Media Library Folders plugin for WordPress versions up to, and including, 8.3.0 Description: The issue is related to a missing capability check on several AJAX actions, allowing authenticated attackers with Author-level access and above to...
SUSE CVE-2024-6284
In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/[email protected] The bug was fixe...
CVE-2025-24354
imgproxy is a server for resizing, processing, and converting images. imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2...
GO-2024-2571 Invalid block proposal in github.com/cosmos/cosmos-sdk
Invalid block proposal in github.com/cosmos/cosmos-sdk...
PT-2023-25417 · Unknown · Phpgurukul Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 1.0 Description: A critical issue has been found in the Registration Page component of the affected software, leading to improper restriction of excessive authentication attempts. This can be exploite...
CVE-2022-2362 Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction
The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions...
WordPress Download Manager plugin <= 3.2.49 - Bypass IP Address Blocking Restriction vulnerability
Bypass IP Address Blocking Restriction vulnerability discovered by Raad Haddad in WordPress Download Manager plugin versions <= 3.2.49. Solution: Update the WordPress Download Manager plugin to the latest available version, at least 3.2.50...
Download Manager < 3.2.50 - Bypass IP Address Blocking Restriction
The plugin prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. PoC: When downloading a file, add an X-Forwarded-For header that contains a random IP address to your request...