13925 matches found
CVE-2025-10926
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal JSON Field allows Cross-Site Scripting XSS.This issue affects JSON Field: from 0.0.0 before 1.5...
CVE-2025-10926
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal JSON Field allows Cross-Site Scripting XSS.This issue affects JSON Field: from 0.0.0 before 1.5...
CVE-2025-10927
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Plausible tracking allows Cross-Site Scripting XSS.This issue affects Plausible tracking: from 0.0.0 before 1.0.2...
CVE-2025-10927
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Plausible tracking allows Cross-Site Scripting XSS.This issue affects Plausible tracking: from 0.0.0 before 1.0.2...
Drupal Acquia DAM 安全漏洞
Drupal Acquia DAM is a data synchronization plugin for the Drupal community. A security vulnerability exists in Drupal Acquia DAM versions prior to 1.1.5, which stems from a lack of authorization and could lead to a forced browsing attack...
Drupal Currency 安全漏洞
Drupal Currency is a currency conversion plugin for the Drupal community. A security vulnerability exists in Drupal Currency versions prior to 3.5.0 that stems from vulnerability to cross-site request forgery attacks...
Drupal Reverse Proxy Header 安全漏洞
Drupal Reverse Proxy Header is a custom HTTP header plugin for the Drupal community. A security vulnerability exists in Drupal Reverse Proxy Header version 0.0.0 through versions prior to 1.1.2, which stems from improper input consistency validation and could lead to the manipulation of user...
Drupal Umami Analytics 安全漏洞
Drupal Umami Analytics is a web statistics plugin for the Drupal community. A security vulnerability exists in Drupal Umami Analytics versions prior to 1.0.1, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
Drupal Simple OAuth (OAuth2) & OpenID Connect 安全漏洞
Drupal Simple OAuth OAuth2 & OpenID Connect is an authorization framework for the Drupal community. A security vulnerability exists in Drupal Simple OAuth OAuth2 & OpenID Connect version 6.0.0 through versions prior to 6.0.7, which stems from an authentication bypass vulnerability that could lead...
Drupal CivicTheme Design System 安全漏洞
Drupal CivicTheme Design System is a theme design plugin for the Drupal community. A security vulnerability exists in Drupal CivicTheme Design System versions prior to 1.12.0, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
Drupal Plausible tracking 安全漏洞
Drupal Plausible tracking is a data analysis plugin for the Drupal community. A security vulnerability exists in Drupal Plausible tracking versions prior to 1.0.2, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
Drupal JSON Field 安全漏洞
Drupal JSON Field is a JSON data presentation plugin for the Drupal community. A security vulnerability exists in Drupal JSON Field versions prior to 1.5, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
Drupal CivicTheme Design System 安全漏洞
Drupal CivicTheme Design System is a theme design plugin for the Drupal community. A security vulnerability exists in Drupal CivicTheme Design System versions prior to 1.12.0 that stems from improper authorization and could lead to a forced browsing attack...
Drupal Access code 安全漏洞
Drupal Access code is a Drupal module in the Drupal community. A security vulnerability exists in Drupal Access code versions prior to 2.0.5, which stems from an unrestricted number of authentication attempts that could lead to a brute force attack...
CVE-2025-12466 Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth OAuth2 & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth OAuth2 & OpenID Connect: from 6.0.0 before 6.0.7...
CVE-2025-12466 Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth OAuth2 & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth OAuth2 & OpenID Connect: from 6.0.0 before 6.0.7...
CVE-2025-12466
The issue CVE-2025-12466 affects Drupal Simple OAuth (OAuth2) & OpenID Connect module, specifically versions 6.0.0 through 6.0.6 (before 6.0.7). Root cause is an authentication bypass via an alternate path or channel, enabling bypass of login/authentication. Impact is authenticated bypass risk as...
CVE-2025-12083
The CVE-2025-12083 entry concerns Drupal CivicTheme Design System prior to 1.12.0. The root cause is improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS). Affected component: CivicTheme Design System (Twig rendering paths) with input not adequately sani...
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...