14 matches found
CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...
EUVD-2026-16393
Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...
CVE-2026-4393 Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030
Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...
CVE-2026-3218
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting XSS.This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...
EUVD-2023-44204
Malicious code in bioql PyPI...
CVE-2025-51510
MoonShine was discovered to contain a SQL injection vulnerability under the Blog - Categories page when using the moonshine-tree-resource version 2.0.2 component...
SUSE CVE-2025-7338
Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service DoS by sending a malformed multi-part upload request. This request causes an unhandled...
CVE-2025-31688
Cross-Site Request Forgery CSRF vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2...
PayPal Plugin 安全漏洞
PayPal Plugin is an open source plugin for the PayPal commerce platform from Sylius eCommerce. A security vulnerability exists in PayPal Plugin versions prior to 1.6.2, prior to 1.7.2, and prior to 2.0.2, which originates from a user being able to modify the shopping cart after completing the...
CVE-2024-13272
Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2...
NamelessMC 授权问题漏洞
NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. Suitable for your Minecraft server, it contains tons of features. NamelessMC versions prior to v2.0.2 have an authorization issue vulnerability that stems from improper access control...
deepmerge-ts 安全漏洞
deepmerge-ts is an npm package. It is used to deep merge 2 or more objects with respect to type information. A security vulnerability exists in versions of deepmerge-ts prior to 2.0.2, which stems from the lack of handling of merge functions and is susceptible to prototype contamination...
CVE-2021-43564
An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...
WordPress 插件 跨站请求伪造漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability exists in the WordPress plugin OG Tags versions prior to 2.0.2, which stems from insufficient authentication of the source of an HTTP request. A remote attacker could exploit this...