CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-9082link is external Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

EUVD-2024-52831

Malicious code in bioql PyPI...

EUVD-2022-5673

Malicious code in bioql PyPI...

EUVD-2022-3195

Malicious code in bioql PyPI...

EUVD-2025-9049

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-13668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the...

Linux Distros Unpatched Vulnerability : CVE-2024-55634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0...

Linux Distros Unpatched Vulnerability : CVE-2024-11941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. CVE-2024-11941...

Linux Distros Unpatched Vulnerability : CVE-2017-6932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in...

Linux Distros Unpatched Vulnerability : CVE-2017-6928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the use...

BIT-DRUPAL-2024-55638 Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is exploitable when an insecure deserialization...

BIT-DRUPAL-2024-11941 Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001

A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8...

Cross-Site Scripting (XSS)

drupal/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows malicious scripts to be executed in the context of a user's browser...

Drupal Core Vulnerable to Forceful Browsing

Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

GHSA-2QPH-Q8XW-GV7Q Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

GHSA-M4WJ-HHWJ-47QP Drupal Core Cross-Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5...

GHSA-WPP8-FJGF-PWC7 Drupal Core Vulnerable to Forceful Browsing

Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

CVE-2025-3057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

CVE-2025-3057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...