108 matches found
EUVD-2019-15903
Malware in sbrugna...
EUVD-2022-5180
Malicious code in bioql PyPI...
EUVD-2022-4715
Malicious code in bioql PyPI...
EUVD-2022-2662
Malicious code in bioql PyPI...
EUVD-2022-4050
Malicious code in bioql PyPI...
EUVD-2022-3687
Malicious code in bioql PyPI...
EUVD-2022-5359
Malicious code in bioql PyPI...
EUVD-2022-3331
Malicious code in bioql PyPI...
EUVD-2025-11454
Malicious code in bioql PyPI...
CVE-2025-3739
Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page:...
CVE-2025-3739
CVE-2025-3739 : A vulnerability in Drupal 8 Google Optimize Hide Page affects the Drupal 8 Google Optimize Hide Page module. The CVSSv3.1 metrics indicate a network attack vector, high attack complexity, and that an attacker requires high privileges with no user interaction to achieve a Confident...
CVE-2025-3739 Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040
Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page:...
Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
GHSA-58XV-7H9R-MX3C Drupal Malicious file upload with filenames stating with dot
Drupal 8 core's filesaveupload function does not strip the leading and trailing dot '.' from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to...
Drupal core unrestricted file upload
Drupal 8 core's filesaveupload function does not strip the leading and trailing dot '.' from filenames, like Drupal 7 did. Users with the ability to upload files with any extension in conjunction with contributed modules may be able to use this to upload system files such as .htaccess in order to...
CVE-2022-26493 miniOrange SAML Authentication Bypass
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signatur...
Drupal Cross Site Scripting (XSS) vulnerability
In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. Under certain circumstances the File module/subsystem allows a malicious user to upload a file that can trigger a cross-site scripting XSS vulnerability...
GHSA-PQV4-XGQH-J8VH Drupal sensitive information disclosure
The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in...
GHSA-6G9H-6V79-W4PC Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes...
GHSA-5VPR-V24W-MMJJ Drupal cross site scripting vulnerability
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...