32 matches found
CVE-2025-9552
Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules:...
Drupal Synchronize composer.Json With Contrib Modules 安全漏洞
Drupal Synchronize composer.Json With Contrib Modules is a module management plugin for the Drupal community. A security vulnerability exists in Drupal Synchronize composer.Json With Contrib Modules, which stems from an issue when synchronizing composer.Json with contributed modules...
EUVD-2008-3211
Malware in sbrugna...
EUVD-2022-4766
Malicious code in bioql PyPI...
BIT-DRUPAL-2022-25278
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
GHSA-G36H-4JR6-QMM9 Improper input validation in Drupal core
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
Improper input validation in Drupal core
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
CVE-2022-25278
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
UBUNTU-CVE-2022-25278
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
Input validation
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
CVE-2022-25273
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter...
CVE-2022-25278
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
DRUPAL-CORE-2022-013
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...
DRUPAL-CORE-2022-011
Updated 22:00 UTC 2022-06-10: Added steps to update without drupal/core-recommended. Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released two security advisories: Failure to strip the Cookie header on change in host or HTTP...
DRUPAL-CORE-2022-010
Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites. We are issuing this security advisory outside...
Drupal core - Moderately critical - Third-party libraries - SA-CORE-2022-010
Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which does not affect Drupal core, but may affect some contributed projects or custom code on Drupal sites. We are issuing this security advisory outside...
Drupal Node Validation Bypass in the node module API
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...
GHSA-PH2J-5HXQ-GXRR Drupal Node Validation Bypass in the node module API
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...
Drupal external link injection vulnerability
Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an externa...