Lucene search
K

14 matches found

Drupal
Drupal
added 2025/12/03 12:0 a.m.13 views

Next.js - Critical - Access bypass - SA-CONTRIB-2025-122

This module enables integration between Next.js and Drupal for headless CMS functionality. When installed, the module automatically enables cross-origin resource sharing CORS with insecure default settings Access-Control-Allow-Origin: , overriding any services.yml CORS configuration. This allows...

6.1CVSS5.4AI score0.00141EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/29 11:14 p.m.2 views

CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

5.5AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 11:13 p.m.3 views

CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0...

6.5AI score0.00121EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 10:25 p.m.2 views

CVE-2025-9554 Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104

Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2:...

6.5AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/10/10 10:25 p.m.10 views

CVE-2025-9552

CVE-2025-9552 concerns the Drupal module Synchronize composer.Json With Contrib Modules . Public descriptions in connected documents indicate a vulnerability affecting the module in general (versions not specified). The NVD/NVD-derived metrics show a CVSS 3.1 base score of 5.3 (Medium) with an at...

5.3CVSS6.5AI score0.00234EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2025/08/27 12:0 a.m.12 views

Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098

This module allows users to setup two-factor authentication 2FA using authenticator apps for enhanced login security. The module did not protect all possible login paths provided by core modules. CVSS risk score experimental 6.3 / Medium...

8.8CVSS5.4AI score0.00326EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/15 4:27 p.m.4 views

CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...

6.6AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/26 1:33 p.m.13 views

CVE-2025-6675 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0., from 0.0.0 before 5.1...

0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 5:1 p.m.16 views

CVE-2025-47701 Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047

Cross-Site Request Forgery CSRF vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0...

0.00171EPSS
Exploits0References1
CVE
CVE
added 2025/04/16 4:32 p.m.61 views

CVE-2025-3739

CVE-2025-3739 : A vulnerability in Drupal 8 Google Optimize Hide Page affects the Drupal 8 Google Optimize Hide Page module. The CVSSv3.1 metrics indicate a network attack vector, high attack complexity, and that an attacker requires high privileges with no user interaction to achieve a Confident...

5.9CVSS5.7AI score0.00282EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/31 10:22 p.m.18 views

CVE-2025-3061 Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006

Vulnerability in Drupal Material Admin.This issue affects Material Admin:...

7.2AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/31 10:21 p.m.18 views

CVE-2025-3060 Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005

Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile:...

0.00493EPSS
Exploits0References1
Drupal
Drupal
added 2025/02/05 12:0 a.m.7 views

OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013

This module enables a developer to create dedicated OAuth2 clients for connecting to external APIs and other OAuth protected resources. The module does not use Cross Site Request Forgery CSRF tokens to protect routes for enabling a client. This vulnerability is mitigated by the fact that an...

6.8CVSS5.6AI score0.00167EPSS
Exploits0References6
Drupal
Drupal
added 2025/01/29 12:0 a.m.21 views

Google Tag - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-011

This module enables you to integrate the site with the Google Tag Manager GTM application. The module doesn't have the "restrict access" flag on the "administer googletagcontainer" permission. A user with this permission can load a GTM container that completely changes the page or inserts malicio...

4.8CVSS6.2AI score0.00218EPSS
Exploits0References8
Rows per page
Query Builder