8 matches found
CVE-2026-3528
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Calculation Fields allows Cross-Site Scripting XSS.This issue affects Calculation Fields: from 0.0.0 before 1.0.4...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-0948 Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...
CVE-2025-62033
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...
CVE-2025-62037
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...
PT-2025-45304
Missing Authorization vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...
CVE-2025-10916 FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server...
CVE-2025-2691
Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery SSRF where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism...