EUVD-2007-5568
Malware in sbrugna...
PT-2025-28755 · Drupal · Drupal Two-Factor Authentication
Name of the Vulnerable Software and Affected Versions: Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.10.0
Description: The issue affects the two-factor authentication (TFA) mechanism, allowing exploitation of incorrectly configured access control security levels due to a privilege...
Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS). This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1...
GHSA-JH66-RJX8-8QQC Drupal Matomo Analytics Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from 0.0.0 before 1.24.0...
REST API can bypass comment approval.
More info at https://www.drupal.org/SA-CORE-2017-004...
CVE-2016-3165
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a form with a button that has "access" set to FALSE in the server-side form definition...
CVE-2016-3164
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation...
Critical - Arbitrary PHP code execution
More info at https://www.drupal.org/sa-core-2019-002...