12 matches found
EUVD-2016-3090
Malware in sbrugna...
CVE-2025-6674 CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS). This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...
CVE-2025-48448
CVE-2025-48448 affects Drupal Admin Audit Trail and describes an Allocation of Resources Without Limits or Throttling vulnerability that enables excessive resource allocation. Affected versions are 0.0.0 through 1.0.4, with the issue addressed by upgrading to 1.0.5 or later. Connected advi...
CVE-2025-47710 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0...
CVE-2025-47706 Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052
Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0...
CVE-2024-13305 Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS). This issue affects Entity Form Steps: from 0.0.0 before 1.1.4...
CVE-2024-13279 Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0...
Drupal Releases Security Advisory for Drupal Core
Drupal released a security advisory to address a vulnerability affecting multiple Drupal core versions. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2024-001...
Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
Drupal has released a security advisory to address a vulnerability affecting multiple Drupal versions. A malicious cyber actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal security advisory SA-CORE-2023-006...
DRUPAL-CONTRIB-2020-035
The File Example submodule within the Examples project does not properly sanitize certain filenames as described in SA-CORE-2020-012, along with other related vulnerabilities. Therefore, File Example is being removed from Examples until a version demonstrating file security best practices can...
Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-004...
Contextual Links validation - Critical - Remote Code Execution
More info at https://www.drupal.org/sa-core-2018-006...