13 matches found
EUVD-2026-43055
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
CVE-2026-13239
CVE-2026-13239 is a Missing Authorization vulnerability in Drupal WissKI affecting WissKI versions 0.0.0 through 4.2.0. The issue permits Forceful Browsing due to insufficient access checks in the wisski_mirador submodule, which also enables image annotation features via the Mirador viewer. Publi...
EUVD-2026-5339
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
EUVD-2025-206439
Cross-Site Request Forgery CSRF vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...
CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...
CVE-2025-8675 AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095
Server-Side Request Forgery SSRF vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6...
CVE-2024-13269 Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11...
CVE-2024-13240
Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05...
PT-2024-10229 · Drupal · Drupal Tooltip
Name of the Vulnerable Software and Affected Versions: Drupal Tooltip versions 0.0.0 through 1.1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS attacks. This can be exploited by a remote attacker to conduct...
PT-2025-2105 · Drupal · Ohdear Integration
Name of the Vulnerable Software and Affected Versions: OhDear Integration versions 0.0.0 through 2.0.3 Description: The issue is related to incorrect authorization in the OhDear Integration module for Drupal, allowing forceful browsing. This can enable a remote attacker to access confidential...
PT-2024-10094 · Drupal · Drupal Rest & Json Api Authentication
Name of the Vulnerable Software and Affected Versions: Drupal REST & JSON API Authentication versions 0.0.0 through 2.0.12 Description: The issue is related to an Incorrect Authorization vulnerability in Drupal REST & JSON API Authentication, allowing Forceful Browsing. This can enable a remote...
PT-2022-13408 · Unknown · Post-Loader
Name of the Vulnerable Software and Affected Versions: post-loader versions 0.0.0 and later Description: The issue concerns the post-loader package, which is a webpack loader for blog posts written in Markdown. It is vulnerable to Arbitrary Code Execution due to the use of a markdown parser in an...
PT-2020-19656 · Npm · Express-Mock-Middleware
Name of the Vulnerable Software and Affected Versions: express-mock-middleware versions 0.0.0 through 0.0.6 Description: The issue allows exported functions by the package to be tricked into adding or modifying properties of the Object.prototype, which can be exploited by creating a new directory...