CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-9082link is external Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

EUVD-2022-3195

Malicious code in bioql PyPI...

EUVD-2025-9049

Malicious code in bioql PyPI...

EUVD-2022-5673

Malicious code in bioql PyPI...

EUVD-2024-52831

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-13668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the...

Linux Distros Unpatched Vulnerability : CVE-2024-55634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0...

Linux Distros Unpatched Vulnerability : CVE-2024-11941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. CVE-2024-11941...

Linux Distros Unpatched Vulnerability : CVE-2017-6928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core 7.x versions before 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the use...

Linux Distros Unpatched Vulnerability : CVE-2017-6932

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in...

BIT-DRUPAL-2024-55638 Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is exploitable when an insecure deserialization...

BIT-DRUPAL-2024-11941 Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001

A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8...

Cross-Site Scripting (XSS)

drupal/core is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows malicious scripts to be executed in the context of a user's browser...

GHSA-2QPH-Q8XW-GV7Q Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

Drupal Core Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

GHSA-M4WJ-HHWJ-47QP Drupal Core Cross-Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5...

GHSA-WPP8-FJGF-PWC7 Drupal Core Vulnerable to Forceful Browsing

Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

Drupal Core Vulnerable to Forceful Browsing

Incorrect Authorization vulnerability in Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

CVE-2025-3057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...

CVE-2025-3057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3...