13921 matches found
CVE-2025-12761 Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Simple multi step form allows Cross-Site Scripting XSS.This issue affects Simple multi step form: from 0.0.0 before 2.0.0...
CVE-2025-12760 Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6...
CVE-2025-12760
CVE-2025-12760 concerns the Drupal Email TFA module. Documents consistently describe an authentication bypass via an alternate path or channel affecting Email TFA versions prior to 2.0.6. The vulnerability enables a functionality bypass without full login protection as described in the various so...
CVE-2025-12760 Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6...
CVE-2025-13083 Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before...
CVE-2025-13083 Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before...
CVE-2025-13083
Drupal core contains an information-disclosure vulnerability (CVE-2025-13083) due to caching of browser data and incorrectly configured access control security levels. Affected versions span Drupal 8.0.0 to 10.4.9, 10.5.0 to 10.5.6, 11.0.0 to 11.1.9, and 11.2.0 to 11.2.8. The issue is triggered b...
CVE-2025-13082 Drupal core - Moderately critical - Defacement - SA-CORE-2025-007
User Interface UI Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...
CVE-2025-13082 Drupal core - Moderately critical - Defacement - SA-CORE-2025-007
User Interface UI Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...
CVE-2025-13082
CVE-2025-13082 concerns Drupal core, where a UI misrepresentation of critical information allows content spoofing. Affected versions are Drupal core: 8.0.0–before 10.4.9, 10.5.0–before 10.5.6, 11.0.0–before 11.1.9, and 11.2.0–before 11.2.8. The vulnerability stems from the user interface displayi...
CVE-2025-13081 Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...
CVE-2025-13081 Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...
CVE-2025-13081
The CVE-2025-13081 entry describes an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal core that enables Object Injection. Affected Drupal core versions span: 8.0.0–before 10.4.9, 10.5.0–before 10.5.6, 11.0.0–before 11.1.9, and 11.2.0–before 1...
CVE-2025-13080 Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...
CVE-2025-13080 Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...
CVE-2025-13080
CVE-2025-13080 affects Drupal core: an improper check for unusual or exceptional conditions enables Forceful Browsing. Affected versions are 8.0.0–before 10.4.9, 10.5.0–before 10.5.6, 11.0.0–before 11.1.9, and 11.2.0–before 11.2.8. Impact is limited to potential unauthorized access to or viewing ...
Drupal core 安全漏洞
Drupal core is a free, open source content management system developed in PHP by the Drupal community. A security vulnerability in Drupal core versions prior to 10.4.9, 10.5.0 through 10.5.6, 11.0.0 through 11.1.9, and 11.2.0 through 11.2.8 stems from a misrepresentation of critical information i...
Drupal core 安全漏洞
Drupal core is a free, open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal core versions prior to 10.4.9, 10.5.0 through 10.5.6, 11.0.0 through 11.1.9, and 11.2.0 through 11.2.8, which stems from an improper check for an...
PT-2025-47344
Name of the Vulnerable Software and Affected Versions Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8 Description An improper check for unusual or exceptional conditions exists in Drupal core,...
PT-2025-47347
Name of the Vulnerable Software and Affected Versions Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8 Description A flaw exists in Drupal core related to the use of a web browser cache that can...