
453 matches found

Patchstack
added 2025/05/07 12:0 a.m., 4 views

Drupal IFrame Remove Filter module < 2.0.5 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module IFrame Remove Filter versions < 2.0.5...

CVSS 6.1, AI score 6.1, EPSS 0.00238
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/05/07 12:0 a.m., 5 views

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Conrad Lara (cmlara) in WordPress Module Enterprise MFA - TFA for Drupal versions < 4.7.0,5.0.0-5.1.0...

CVSS 7.4, AI score 7, EPSS 0.00324
Exploits: 0, References: 1, Affected Software: 1

Drupal
added 2025/05/07 12:0 a.m., 8 views

Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't invoke two factor authentication (2FA) for the password reset option. This vulnerability is mitigated by the fact that an attacker must have access to the password reset link...

CVSS 7.5, AI score 5.7, EPSS 0.00353
Exploits: 0, References: 3

Drupal
added 2025/05/07 12:0 a.m., 8 views

Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain routes from Cross Site Request Forgery (CSRF) attacks...

CVSS 8.8, AI score 5.5, EPSS 0.00171
Exploits: 0, References: 3

Patchstack
added 2025/05/07 12:0 a.m., 7 views

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability

Drupal Enterprise MFA - TFA for Drupal module < 4.7.0,5.0.0-5.1.0 - Unauthenticated Broken Access Control vulnerability discovered by Juraj Nemec (poker10) in WordPress Module Enterprise MFA - TFA for Drupal versions < 4.7.0,5.0.0-5.1.0...

CVSS 6.5, AI score 7, EPSS 0.00207
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2025/05/07 12:0 a.m., 5 views

Drupal Restrict route by IP module < 1.3.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Juraj Nemec (poker10) in WordPress Module Restrict route by IP versions < 1.3.0...

CVSS 8.8, AI score 7, EPSS 0.00171
Exploits: 0, References: 1, Affected Software: 1

Drupal
added 2025/05/07 12:0 a.m., 10 views

Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently check whether the TOTP token is already used or not for authenticator-based second-factor methods. This vulnerability is mitigated by the fact that an attacker must...

CVSS 4.8, AI score 5.7, EPSS 0.00235
Exploits: 0, References: 3

Positive Technologies
added 2025/04/23 12:0 a.m., 5 views

PT-2025-17660 · Drupal · Sportsleague

Name of the Vulnerable Software and Affected Versions: Sportsleague versions . Description: The issue affects the Sportsleague module in Drupal, but specific details about the nature of the issue are not provided in the available information. Recommendations: At the moment, there is no informatio...

CVSS 7.3, AI score 6.2, EPSS 0.00243
Exploits: 0, References: 6

Patchstack
added 2025/04/23 12:0 a.m., 5 views

Drupal Bootstrap Site Alert module < 1.13.0,3.0.0-3.0.3 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by Mitch Portier (arkener) in WordPress Module Bootstrap Site Alert versions < 1.13.0,3.0.0-3.0.3...

CVSS 6.1, AI score 6.1, EPSS 0.00198
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/04/16 12:0 a.m., 2 views

Drupal baguetteBox.Js Security Vulnerability

Drupal baguetteBox.Js is a Drupal module from the Drupal community. A security vulnerability exists in Drupal baguetteBox.Js versions prior to 2.0.4 and versions prior to 3.0.0 to 3.0.1, which stems from improper input neutralization and could lead to cross-site scripting...

CVSS 6.5, AI score 6.2, EPSS 0.002
Exploits: 0, References: 3

Patchstack
added 2025/04/16 12:0 a.m., 3 views

Drupal baguetteBox.js module < 2.0.4,3.0.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module baguetteBox.js versions < 2.0.4,3.0.0...

CVSS 6.5, AI score 6.1, EPSS 0.002
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2025/04/02 5:2 p.m., 2 views

DRUPAL-CONTRIB-2025-028

This module enables users to log in using a short access code instead of providing a username/password combination. The module doesn't sufficiently protect against brute force attacks to guess a user's access code. This vulnerability is mitigated by the fact that access code based logins are off ...

CVSS 4.8, AI score 6.9, EPSS 0.00245
Exploits: 0, References: 1

OSV
added 2025/04/02 5:1 p.m., 4 views

DRUPAL-CONTRIB-2025-027

This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to a persistent Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker needs...

CVSS 4.8, AI score 6, EPSS 0.00307
Exploits: 0, References: 1

CNNVD
added 2025/03/31 12:0 a.m., 2 views

Drupal Email TFA Security Vulnerability

Drupal Email TFA is a Drupal community module that provides email-based two-factor authentication functionality for Drupal. A security vulnerability exists in Drupal Email TFA versions prior to 2.0.3, which stems from weak authentication and could lead to brute force exploits...

CVSS 8.8, AI score 6.8, EPSS 0.0051
Exploits: 0, References: 1

CNNVD
added 2025/03/31 12:0 a.m., 2 views

Drupal Matomo Analytics Cross-Site Request Forgery Vulnerability

Drupal Matomo Analytics is a Drupal community module for integrating Matomo (an open source web analytics platform) into Drupal websites to track and analyze user behavior. A cross-site request forgery vulnerability exists in Drupal Matomo Analytics versions prior to 1.24.0, which stems from...

CVSS 6.8, AI score 6.5, EPSS 0.00161
Exploits: 0, References: 1

CNNVD
added 2025/03/31 12:0 a.m., 4 views

Drupal General Data Protection Regulation Cross-Site Request Forgery Vulnerability

Drupal General Data Protection Regulation is a module of the Drupal community. A cross-site request forgery vulnerability exists in Drupal General Data Protection Regulation versions prior to 3.0.1 and versions prior to 3.1.0 through 3.1.2, which stems from cross-site request forgery...

CVSS 8.1, AI score 6.5, EPSS 0.00186
Exploits: 0, References: 3

OSV
added 2025/03/05 5:27 p.m., 4 views

DRUPAL-CONTRIB-2025-022

The AI Automators module (a submodule of AI) enables you to create different automated tasks that fills out a field data using LLM outputs. The module contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Arbitrary File Deletion. It may be...

CVSS 6.6, AI score 7.4, EPSS 0.00734
Exploits: 0, References: 1

OSV
added 2025/02/26 6:35 p.m., 3 views

DRUPAL-CONTRIB-2025-020

Provides OAuth2 server functionality based on the oauth2-server-php library. The module does not consistently enforce admin configurations allowing users on a disabled server to still authenticate...

CVSS 9.8, AI score 6.8, EPSS 0.00373
Exploits: 0, References: 1

OSV
added 2025/02/26 6:34 p.m., 5 views

DRUPAL-CONTRIB-2025-018

The GDPR Task submodule enables you to create GDPR tasks. The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when creating tasks...

CVSS 8.1, AI score 6.7, EPSS 0.00186
Exploits: 0, References: 1

Patchstack
added 2025/02/26 12:0 a.m., 7 views

Drupal OAuth2 Server module < 2.1.0 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by Pierre Rudloff (prudloff) in WordPress Module OAuth2 Server versions < 2.1.0...

CVSS 9.8, AI score 7, EPSS 0.00373
Exploits: 0, References: 1, Affected Software: 1