6 matches found
CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...
DRUPAL-CONTRIB-2025-122
This module enables integration between Next.js and Drupal for headless CMS functionality. When installed, the module automatically enables cross-origin resource sharing (CORS) with insecure default settings Access-Control-Allow-Origin: , overriding any services.yml CORS configuration. This allows...
DRUPAL-CONTRIB-2023-005
The Apigee Edge module allows connecting a Drupal site to Apigee X / Edge in order to build a developer portal. Previous module versions did not support entity query level access checking, which could have led to information disclosure or access bypass in various places...
CVE-2018-25002
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...
SA-CONTRIB-2012-161 - Webform CiviCRM Integration - Access Bypass
Webform CiviCRM integration allows you to expose contact data via Webforms. Depending on what fields you have exposed in your form, this may include personal information such as birthdate, phone number, email address, etc. Proper permission settings are important to keep this information from...
HITB Quartal Magazine - eZine Issue 006
Document Title: HITB Quartal Magazine - eZine Issue 006 References: Download: https://www.vulnerability-lab.com/resources/documents/204.pdf Original: https://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-006.pdf Release Date: 2011-06-16 Vulnerability...