49 matches found

CVE
added 10 hours ago · 5 views

CVE-2026-10552

The CVE-2026-10552 entry concerns the WordPress plugin Blue Captcha (versions up to 2.0.1). It documents a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the main admin page (blcap_main_page) and on Hall of Shame and Log subpages. These pages accept a bl...

CVSS 4.3 · AI score 5.9
Exploits 0 · References 6

ATTACKERKB
added 2026/05/26 12:00 a.m. · 8 views

CVE-2026-48692

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...

AI score 6.2 · EPSS 0.00233
Exploits 0 · References 5

OSV
added 2026/02/27 8:21 p.m. · 4 views

UBUNTU-CVE-2026-27824

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...

CVSS 5.3 · AI score 5.8 · EPSS 0.00148
Exploits 1 · References 3

Cvelist
added 2026/02/27 7:46 p.m. · 25 views

CVE-2026-27824 calibre has IP Ban Bypass via X-Forwarded-For Header Spoofing

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.4.0, the calibre Content Server's brute-force protection mechanism uses a ban key derived from both remoteaddr and the X-Forwarded-For header. Since the X-Forwarded-For header i...

CVSS 5.3 · EPSS 0.00148
Exploits 1 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2006-7029

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.02495
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2010-0668

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.00594
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-9234

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.0117
Exploits 1 · References 4

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2024-51490

Malicious code in bioql PyPI...

CVSS 9.1 · AI score 6.6 · EPSS 0.00341
Exploits 0 · References 1

OSSF Malicious Packages
added 2025/04/04 2:07 p.m. · 3 views

Malicious code in valid-ip-ban (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8178b30a109e454369e72c1f8e3c53686457f2af96fee398ca102ad91681e92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 3

OSV
added 2025/04/04 2:07 p.m. · 6 views

MAL-2025-3133 Malicious code in valid-ip-ban (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8178b30a109e454369e72c1f8e3c53686457f2af96fee398ca102ad91681e92 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 3

BDU FSTEC
added 2025/02/06 12:00 a.m. · 5 views

The vulnerability of the Smart IP Ban module in the Drupal CMS system allows a violator to view and modify settings.

The vulnerability of the Smart IP Ban module in the Drupal CMS system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to remotely view and modify settings...

CVSS 9.4 · AI score 5.5 · EPSS 0.00341
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/01/09 8:15 p.m. · 2 views

CVE-2024-13277

Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1...

CVSS 9.1 · AI score 5.8 · EPSS 0.00341
Exploits 0 · References 1

NVD
added 2025/01/09 8:15 p.m. · 6 views

CVE-2024-13277

Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1...

CVSS 9.1 · EPSS 0.00341
Exploits 0 · References 1

Vulnrichment
added 2025/01/09 7:29 p.m. · 5 views

CVE-2024-13277 Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041

Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1...

AI score 7 · EPSS 0.00341
Exploits 0 · References 1

CVE
added 2025/01/09 7:29 p.m. · 44 views

CVE-2024-13277

CVE-2024-13277 affects the Drupal Smart IP Ban module (versions 7.X-1.0 through 7.X-1.1). The issue is improper/incorrect authorization enabling forceful browsing to view/modify module settings or restricted paths. Root cause: insufficient authorization controls in the Smart IP Ban plugin. Impact...

CVSS 9.1 · AI score 6.7 · EPSS 0.00341
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/01/09 7:29 p.m. · 13 views

CVE-2024-13277 Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041

Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1...

EPSS 0.00341
Exploits 0 · References 1

CNNVD
added 2025/01/09 12:00 a.m. · 2 views

Drupal security vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Smart IP Ban versions 7.X-1.0 through 7.X-1.1, which stems from the inclusion of an authorization error vulnerability...

CVSS 9.1 · AI score 6.8 · EPSS 0.00341
Exploits 0 · References 3

OSV
added 2024/11/28 4:03 a.m. · 3 views

MAL-2024-11122 Malicious code in req-ip-ban (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42ccb3d9a195046654b07e64e09e577fa33552b38ebea8854c5fffc5fed5043f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 · References 3

Drupal
added 2024/09/18 12:00 a.m. · 9 views

Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041

The Smart IP Ban module enables a site to automatically ban an IP address based upon too many failed authentications. The module doesn't sufficiently protect access to certain paths provided by the module allowing a malicious user to view and modify the settings...

CVSS 9.1 · AI score 6.9 · EPSS 0.00341
Exploits 0 · References 7

Positive Technologies
added 2024/09/18 12:00 a.m. · 2 views

PT-2025-2092 · Drupal · Drupal Cms +1

Name of the Vulnerable Software and Affected Versions: Drupal Smart IP Ban versions 7.X-1.0 through 7.X-1.0 Description: The issue is related to insufficient authorization mechanisms in the Smart IP Ban module for the Drupal CMS, allowing a remote attacker to view and modify settings. This can le...

CVSS 9.4 · AI score 7.3 · EPSS 0.00341
Exploits 0 · References 4