Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-25277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent...

7.2CVSS7.8AI score0.01422EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/26 12:0 a.m.9 views

CVE-2022-25277

Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference: SA-CORE-2019-010. However, the protections for these two vulnerabilities previously did...

7.5AI score0.01422EPSS
Exploits0References1
CVE
CVE
added 2023/04/26 12:0 a.m.435 views

CVE-2022-25277

CVE-2022-25277 concerns Drupal core file upload sanitization. The issue arises when a site allows uploading files with an htaccess extension and the two protections (sanitizing dangerous extensions and stripping leading/trailing dots) do not interact correctly, potentially bypassing default Drupa...

7.2CVSS7.3AI score0.01422EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2022/07/25 8:3 a.m.6 views

CVE-2022-25277

creationtimestamp| type| source ---|---|--- 2022-07-25 08:03:21+00:00| seen| https://t.me/codebysec/6298 2022-07-25 15:27:02+00:00| seen| https://t.me/truesecator/3213 2022-07-31 01:47:01+00:00| seen| https://t.me/MrVGunz/360 2023-04-26 18:25:50+00:00| seen| https://t.me/cibsecurity/62896...

7.2CVSS6.9AI score0.01422EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/07/25 12:0 a.m.23 views

Drupal RCE Vulnerability (SA-CORE-2022-014) - Windows

Drupal is prone to a remote code execution RCE vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.2CVSS7.4AI score0.01422EPSS
Exploits0References1
NCSC
NCSC
added 2022/07/21 12:0 a.m.4 views

Vulnerabilities fixed in Drupal

Drupal developers have fixed multiple vulnerabilities in Drupal core. The vulnerabilities can lead to the following categories of damage: Remote code execution Administrator/Root permissions. Access to sensitive data Increased user privileges Cross-Site Scripting XSS The vulnerability with...

7.5CVSS7.2AI score0.01422EPSS
Exploits0
Rows per page
Query Builder