Apache Solr Real-Time - Critical - Access Bypass - SA-CONTRIB-2015-119

This module allows content-changes to be committed to Apache Solr in real-time. The module doesn't check the status of an entity being indexed which means that unpublished content will get indexed by Solr and the title and partial content may be exposed to any user who has permission to search si...

CVE-2012-4485

The CVE concerns the Drupal Gallery formatter module prior to 7.x-1.2, specifically the galleryformatter_field_formatter_view function in galleryformatter.tpl.php. The vulnerability arises from multiple XSS flaws that allow remote authenticated users with node/entity creation permissions to injec...