CVE-2025-12082
Summary of CVE-2025-12082: Affected software is the Drupal CivicTheme Design System. The root cause is an incorrect authorization check that enables forceful browsing. This vulnerability allows disclosure of information via UI components (cards) that render content the user should not access. Im...
CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...
CVE-2025-10929
CVE-2025-10929 affects the Drupal Reverse Proxy Header module prior to version 1.1.2. The publicly documented issue is an improper validation of consistency within input, which can allow manipulation of user-controlled variables. The problem is tied to the Reverse Proxy Header behavior and indica...
CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110
Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...
CVE-2025-10930
CVE-2025-10930 concerns Drupal Currency, a Drupal contributed module that handles currency display/conversion. The root cause is a Cross-Site Request Forgery (CSRF) vulnerability, allowing an attacker to forge actions for authenticated users. Affected versions are prior to 3.5.0. Conseque...
CVE-2025-10931
CVE-2025-10931 corresponds to a Cross-Site Scripting (XSS) vulnerability in Drupal Umami Analytics. The connected sources confirm the flaw arises from improper neutralization of input during web page generation and affects Umami Analytics versions prior to 1.0.1 (e.g., 0.0.0 up to before 1.0.1). ...
CVE-2025-10931 Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Umami Analytics allows Cross-Site Scripting XSS. This issue affects Umami Analytics: from 0.0.0 before 1.0.1...
CVE-2025-10928
The CVE-2025-10928 entry concerns the Drupal Access code module. A vulnerability arises from improper restriction of excessive authentication attempts, potentially enabling brute-force attacks. Affected versions are Access code: all versions prior to 2.0.5 (0.0.0 up to
CVE-2025-10928 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5...
CVE-2025-10927
CVE-2025-10927 concerns the Drupal Plausible tracking module. A flaw arises from improper input neutralization during web page generation, enabling Cross-Site Scripting (XSS). The issue affects Plausible tracking versions before 1.0.2. The CVE entry and related reports (e.g., GHSA-PR6M-QWRR-MRW9,...
CVE-2025-10927 Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Plausible tracking allows Cross-Site Scripting XSS. This issue affects Plausible tracking: from 0.0.0 before 1.0.2...
CVE-2025-10926 JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal JSON Field allows Cross-Site Scripting XSS. This issue affects JSON Field: from 0.0.0 before 1.5...
CVE-2025-10926
CVE-2025-10926 affects the Drupal JSON Field module (before 1.5). The vulnerability arises from improper input neutralization during page generation, enabling Cross-Site Scripting (XSS). Affected: JSON Field module prior to 1.5. Impact: XSS risk on pages rendering JSON Field content. Remediation:...
CVE-2025-9954
CVE-2025-9954 affects Drupal Acquia DAM (versions 0.0.0 up to 1.1.4). Root cause: missing authorization enabling forceful browsing of DAM assets. Impact is information disclosure and unauthorized resource access. Mitigation: update to Acquia DAM 1.1.5 or later. Multiple sources corroborate the vu...