Lucene search
K

21 matches found

Positive Technologies
Positive Technologies
added 3 days ago6 views

PT-2026-56662

Name of the Vulnerable Software and Affected Versions Drupal Siteimprove Analytics versions 0.0.0 through 2.0.1 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module fails to sufficiently sanitize the Siteimprove Analytics identificati...

6.1AI score
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-5906

Malware in sbrugna...

6.1CVSS6.3AI score0.00846EPSS
Exploits0References2
Drupal
Drupal
added 2025/06/25 12:0 a.m.25 views

Simple XML sitemap - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-083

Simple XML sitemap is a SEO module that allows creating various XML sitemaps of the site's content and submitting them to search engines. The module doesn't sufficiently sanitize input when administering it, which leads to a Cross-site scripting XSS attack vector. This vulnerability is mitigated ...

5.4CVSS5.6AI score0.00186EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 a.m.10 views

CVE-2019-14769

Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...

6.1CVSS6.5AI score0.00846EPSS
Exploits0References1
OSV
OSV
added 2025/04/23 4:59 p.m.10 views

DRUPAL-CONTRIB-2025-043

Block Class enables you to add custom attributes to blocks. The module did not sufficiently sanitize custom attribute input, allowing for potential XSS attacks when malicious JavaScript was injected as a custom attribute. This vulnerability is mitigated by the fact that an attacker must have a ro...

6.1CVSS6.2AI score0.00198EPSS
Exploits0References1
Drupal
Drupal
added 2022/09/28 12:0 a.m.55 views

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016

Drupal uses the Twig third-party library for content templating and sanitization. Twig has released a security update that affects Drupal. Twig has rated the vulnerability as high severity. Drupal core's code extending Twig has also been updated to mitigate a related vulnerability. Multiple...

7.5CVSS1.7AI score0.01557EPSS
Exploits0References21
Veracode
Veracode
added 2021/07/01 9:23 a.m.19 views

Remote Code Execution (RCE)

cms is vulnerable to Remote Code Execution. The vulnerability exists due to the system not restricting administrative permission to save to a Local volume with the File System Path setting set to a system directory after an attacker is able to hijack an administrator's session...

9.8CVSS3.4AI score0.02819EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/12/19 5:2 a.m.16 views

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute...

4.9AI score0.00552EPSS
Exploits0References1
NVD
NVD
added 2019/01/22 3:29 p.m.17 views

CVE-2019-6339

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...

9.8CVSS9.7AI score0.33228EPSS
Exploits0References3
Prion
Prion
added 2019/01/22 3:29 p.m.17 views

Remote code execution

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...

7.5CVSS9.5AI score0.33228EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2019/01/22 3:29 p.m.25 views

CVE-2019-6339

In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing fi...

9.8CVSS9.7AI score
Exploits0References3
Debian CVE
Debian CVE
added 2019/01/22 3:0 p.m.31 views

CVE-2019-6339

Removed by vendor...

9.8CVSS9.4AI score0.33228EPSS
Exploits0
FreeBSD
FreeBSD
added 2019/01/16 12:0 a.m.20 views

drupal -- Drupal core - Arbitrary PHP code execution

Drupal Security Team reports: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code core, contrib, and custom may be performing file operations on insufficiently validated user input, thereb...

2.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2016/01/07 12:0 a.m.40 views

Ubuntu: Security Advisory (USN-2857-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.4AI score0.22374EPSS
Exploits12References2
Tenable Nessus
Tenable Nessus
added 2016/01/06 12:0 a.m.36 views

Ubuntu 15.04 : linux vulnerability (USN-2857-1)

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...

7.2CVSS7.4AI score0.22374EPSS
Exploits12References2
Tenable Nessus
Tenable Nessus
added 2016/01/06 12:0 a.m.42 views

Ubuntu 15.10 : linux vulnerability (USN-2858-1)

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...

7.2CVSS7.4AI score0.22374EPSS
Exploits12References2
Tenable Nessus
Tenable Nessus
added 2016/01/06 12:0 a.m.33 views

Ubuntu 15.10 : linux-raspi2 vulnerability (USN-2858-3)

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges. Note that Tenable Network Security has...

7.2CVSS7.4AI score0.22374EPSS
Exploits12References2
Tenable Nessus
Tenable Nessus
added 2016/01/06 12:0 a.m.58 views

Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerability (USN-2858-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2858-2 advisory. Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files...

7.2CVSS7.5AI score0.22374EPSS
Exploits12References2
Ubuntu
Ubuntu
added 2016/01/05 9:27 p.m.71 views

USN-2858-2: Linux kernel (Wily HWE) vulnerability

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges...

7.2CVSS6.7AI score0.22374EPSS
Exploits12
Ubuntu
Ubuntu
added 2016/01/05 9:19 p.m.55 views

USN-2858-1: Linux kernel vulnerability

Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges...

7.2CVSS6.7AI score0.22374EPSS
Exploits12
Rows per page
Query Builder