30 matches found
Drupal Acquia Content Hub security vulnerabilities
Drupal Acquia Content Hub is a content distribution plugin for the Drupal community. Versions of Drupal Acquia Content Hub prior to 3.6.4 and 3.7.3 contained security vulnerabilities, which were due to a vulnerability that was vulnerable to cross-site request forgery attacks...
DRUPAL-CONTRIB-2025-123
This module enables you to deploy content from one Drupal website to another. The module provides some default configuration without sufficient access control. This vulnerability is mitigated by the fact that an administrator can add some default access control permission...
[SECURITY] Fedora 41 Update: drupal7-7.103-1.fc41
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
CVE-2025-48009
Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12...
The vulnerability of the Cookiebot module and the GTM CMS system Drupal, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Cookiebot module and the Drupal CMS system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Swift Mailer module in the Drupal CMS system, related to the use of dangerous methods or functions, allows attackers to exploit it.
The vulnerability of the Swift Mailer module in the Drupal CMS system is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute a spear-phishing attack remotely...
PT-2024-10084 · Drupal +1 · Drupal +1
Name of the Vulnerable Software and Affected Versions: Minify JS versions 0.0.0 through 3.0.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in the Minify JS module of the Drupal CMS system. This vulnerability can be exploited by a remote attacker to perform ...
Drupal Content Entity Clone module < 1.0.4 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Vojislav Jovanovic in WordPress Module Content Entity Clone versions 1.0.4...
DRUPAL-CONTRIB-2022-054
The Next.js module provides an inline preview for content. Authenticated requests are made to Drupal to fetch JSON:API content and render them in an iframe from the decoupled Next.js site. The current implementation doesn’t sufficiently check access for fetching data. All requests made to Drupal...
[SECURITY] Fedora 33 Update: drupal7-7.72-1.fc33
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
Fedora Update for drupal7 FEDORA-2019-f563e66380
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for drupal8 FEDORA-2019-1a3edd7e8a
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
DRUPAL-CONTRIB-2018-081
This module provides a JSON:API specification-compliant HTTP API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently check access when responding to certain filtered collection requests, thereby causing an access bypass vulnerability. This mea...
Debian DLA-1325-1 : drupal7 security update (Drupalgeddon 2)
Jasper Mattsson found a remote code execution vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. For further information please refer to the...
Debian DSA-4123-1 : drupal7 - security update
Multiple vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2018-001 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Drupal Core Denial of Service Vulnerability (CNVD-2016-11384)
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A denial-of-service vulnerability exists in Drupal Core, which can be exploited by attackers to cause a denial-of-service attack...
DSA-3718-1 drupal7 - security update
Bulletin has no description...
[SECURITY] Fedora 23 Update: drupal7-7.41-1.fc23
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
CVE-2015-3364
Cross-site scripting XSS vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message...
DSA-3200-1 drupal7 - security update
Bulletin has no description...