27 matches found
EUVD-2013-0258
Malware in sbrugna...
EUVD-2012-1634
Malware in sbrugna...
EUVD-2013-4452
Malware in sbrugna...
EUVD-2013-4134
Malware in sbrugna...
EUVD-2015-1194
Malware in sbrugna...
EUVD-2009-4499
Malware in sbrugna...
EUVD-2005-3969
Malware in sbrugna...
EUVD-2022-4766
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2007-6752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery CSRF vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests th...
Linux Distros Unpatched Vulnerability : CVE-2015-6661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. CVE-2015-6661 Note that Nessus relies on...
Linux Distros Unpatched Vulnerability : CVE-2014-5021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the...
USN-7658-1: Drupal vulnerabilities
It was discovered that Drupal incorrectly parsed untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code...
CVE-2025-48447
CVE-2025-48447 affects Drupal Lightgallery prior to 1.6.0. The issue is described as improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0 through 1.6.0, with remediation to update to 1.6.0 or later (per PT-2025-25222). Publi...
CVE-2014-9022
The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form...
CVE-2018-25002
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy...
CVE-2012-5589
The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...
CVE-2010-5276
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcacheadmin, which might "lead to a role change not being recognized until the user logs in again."...
CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS.This issue affects Colorbox: from 0.0.0 before 2.1.3...
CVE-2025-3738 Google Optimize - Critical - Unsupported - SA-CONTRIB-2025-039
Vulnerability in Drupal Google Optimize.This issue affects Google Optimize:...
CVE-2025-31697 Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Formatter Suite allows Cross-Site Scripting XSS.This issue affects Formatter Suite: from 0.0.0 before 2.1.0...