35 matches found
Drupal Role Delegation Security Vulnerability
Drupal Role Delegation is a permissions management module developed by the Drupal company. Versions of Drupal Role Delegation prior to 1.5.0 contained security vulnerabilities. These vulnerabilities were due to insecure permission definitions, which could lead to unauthorized permission escalatio...
CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
Drupal 11.2.x < 11.2.8 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities:
- Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden.
- Drupal core contains a...
EUVD-2010-1574
Malware in sbrugna...
EUVD-2009-3752
Malware in sbrugna...
EUVD-2015-5460
Malware in sbrugna...
EUVD-2012-5536
Malware in sbrugna...
EUVD-2023-1236
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-13662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.
- Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external...
CVE-2025-48917 EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS). This issue affects EU Cookie Compliance (GDPR Compliance): from 0.0.0 before 1.26.0...
CVE-2010-3685
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...
CVE-2025-4415
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS). This issue affects Piwik PRO: from 0.0.0 before 1.3.2...
Drupal 8.0.x < 10.3.14 Cross-Site Scripting
According to its self-reported version, the instance of Drupal running on the remote web server is 11.1.x prior to 11.1.5, 11.0.x prior to 11.0.13, 10.4.x prior to 10.4.5 or 8.x prior to 10.3.14. Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross-Site...
Drupal 11.1.x < 11.1.5 Cross-Site Scripting
According to its self-reported version, the instance of Drupal running on the remote web server is 11.1.x prior to 11.1.5, 11.0.x prior to 11.0.13, 10.4.x prior to 10.4.5 or 8.x prior to 10.3.14. Drupal core Link field attributes are not sufficiently sanitized, which can lead to a Cross-Site...
CVE-2024-13301 OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS). This issue affects OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client): from 3.0.0...
CVE-2024-13298
CVE-2024-13298 affects the Drupal Tarte au Citron module. The issue is improper neutralization of input during web page generation, enabling Cross‑Site Scripting (XSS). Affected: Tarte au Citron module versions 2.0.0 before 2.0.5. The problem arises in the module’s handling of input that can be i...
CVE-2024-13268 Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion. This issue affects Opigno: from 7.X-1.0 before 7.X-1.23...
CVE-2024-13252 TacJS - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-016
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0...
Design/Logic Flaw
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...