23 matches found
EUVD-2019-15903
Malware in sbrugna...
EUVD-2022-5688
Malicious code in bioql PyPI...
GHSA-W2PF-7Q5W-2CGW TYPO3 Workspaces Module Information Disclosure
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...
CVE-2025-59018
CVE-2025-59018 describes a missing authorization check in the TYPO3 CMS Workspace Module that lets backend users directly invoke the corresponding AJAX backend route to disclose sensitive information. Affected TYPO3 versions are 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13...
Linux Distros Unpatched Vulnerability : CVE-2019-6342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces...
CVE-2020-13667
Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see conten...
Drupal 8.8.x < 8.8.10 / 8.9.x < 8.9.6 / 9.0.x < 9.0.6 Multiple Vulnerabilities (drupal-2020-09-16)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6, or 9.0.x prior to 9.0.6. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the File module. An...
Drupal 8.8.x < 8.8.10 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...
Drupal 9.0.x < 9.0.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.73, 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6 or 9.0.x prior to 9.0.6. It is, therefore, affected by multilple vulnerabilities : - A Cross-Site Scripting XSS due to Drupal AJAX AP...
DRUPAL-CORE-2020-008
The experimental Workspaces module allows you to create multiple workspaces on your site in which draft content can be edited before being published to the live workspace. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass...
Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008
The experimental Workspaces module allows you to create multiple workspaces on your site in which draft content can be edited before being published to the live workspace. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass...
PT-2020-13648 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 8.8.10 Drupal Core versions prior to 8.9.6 Drupal Core versions prior to 9.0.6 Description: The issue is an access bypass vulnerability in the Workspaces module of Drupal Core, which fails to properly check acces...
CVE-2019-6342
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4...
CVE-2019-6342
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4...
Security feature bypass
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4...
UBUNTU-CVE-2019-6342
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4...
CVE-2019-6342 Drupal core - Critical - Access bypass - SA-CORE-2019-008
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4...
CVE-2019-6342
Removed by vendor...
PT-2020-11206 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal 8 version 8.7.4 Description: An access bypass issue exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. Recommendations: For Drupal 8 version 8.7.4,...
Drupal 8.7.4 Access Bypass Vulnerability (SA-CORE-2019-008) (drupal-2019-07-17)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.4. It is, therefore, affected by an access bypass condition when the experimental Workspaces module is enabled. Note this vulnerability does not affect any release other than Drupal 8.7.4. Drupa...