219 matches found
Drupal CivicTheme Design System 安全漏洞
Drupal CivicTheme Design System is a theme design plugin for the Drupal community. A security vulnerability exists in Drupal CivicTheme Design System versions prior to 1.12.0, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
Drupal CivicTheme Design System 安全漏洞
Drupal CivicTheme Design System is a theme design plugin for the Drupal community. A security vulnerability exists in Drupal CivicTheme Design System versions prior to 1.12.0 that stems from improper authorization and could lead to a forced browsing attack...
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12083
The CVE-2025-12083 entry concerns Drupal CivicTheme Design System prior to 1.12.0. The root cause is improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected component: CivicTheme Design System (Twig rendering paths) with input not adequately sani...
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12082
Summary of CVE-2025-12082 : Affected software is the Drupal CivicTheme Design System. The root cause is an incorrect authorization check that enables forceful browsing. This vulnerability allows disclosure of information via UI components (cards) that render content the user should not access. Im...
CVE-2025-12082 CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12082 CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
PT-2025-44361
Name of the Vulnerable Software and Affected Versions Drupal CivicTheme Design System versions prior to 1.12.0 Description A flaw exists in the CivicTheme Design System that allows for Cross-Site Scripting XSS. This occurs due to improper neutralization of input during web page generation. The...
PT-2025-44360
Name of the Vulnerable Software and Affected Versions Drupal CivicTheme Design System versions prior to 1.12.0 Description An incorrect authorization issue exists in the CivicTheme Design System that allows for forceful browsing. This occurs due to insufficient access controls, potentially allowi...
Malicious code in ttb-design-system-webview (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-48880 Malicious code in ttb-design-system-webview (npm)
--- -= Per source details. Do not edit below this line.=-...
Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure vulnerability discovered by Lee Rowlands larowlan in WordPress Module CivicTheme Design System versions 1.12.0...
CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
CivicTheme is a design system and theme framework used to build content-rich Drupal websites. It includes editorial workflows, structured content types, and flexible theming components. The theme doesn't sufficiently check access to entities when they are displayed as reference cards used in manu...
Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS vulnerability discovered by Adam Bramley acbramley in WordPress Module CivicTheme Design System versions 1.12.0...
EUVD-2024-42784
Malicious code in bioql PyPI...
EUVD-2025-30115
Malicious code in bioql PyPI...
MAL-2025-47578 Malicious code in altoqitec-design-system-react (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in altoqitec-design-system-react (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in @yoobic/design-system (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3dc662cb25b7ebe3c1d58e79387906ea93fed4e7034c6e415b1befd1971874a Any computer that has this package installed or running should be considered fully compromised. All...