CVE-2025-11570

Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting XSS due to insufficient filtering of data. Note: This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Patter...

CVE-2025-11570

Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting XSS due to insufficient filtering of data. Note: This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Patter...

CVE-2025-11570

Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting XSS due to insufficient filtering of data. Note: This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Patter...

CVE-2025-11570

CVE-2025-11570 affects the package drupal-pattern-lab/unified-twig-extensions (versions around 0.0.0; unmaintained) with a Cross-site Scripting (XSS) vulnerability caused by insufficient data filtering. Multiple sources (NVD, Red Hat CVE page, GitHub advisory, OSV, EUVD, CNNVD, SNYK) converge on ...

PT-2025-41617

Name of the Vulnerable Software and Affected Versions Drupal Facets versions 0.0.0 through 2.0.9 Drupal Facets versions 3.0.0 through 3.0.0 Description A missing authorization issue exists in Drupal Facets, potentially allowing forceful browsing. The issue relates to insufficient access controls...

PT-2025-41620

Name of the Vulnerable Software and Affected Versions Drupal Synchronize composer.Json With Contrib Modules versions . Description A flaw exists in Drupal Synchronize composer.Json With Contrib Modules. The specific nature of the issue is not detailed in the provided information. Recommendations ...

Drupal API Key manager 安全漏洞

Drupal API Key manager is an API key management extension for the Drupal community. A security vulnerability exists in Drupal API Key manager. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor announcement...

PT-2025-41621

Name of the Vulnerable Software and Affected Versions Drupal API Key manager affected versions not specified Description A security issue exists in the Drupal API Key manager. The specific details of the issue are not provided. Recommendations At the moment, there is no information about a newer...

Drupal Synchronize composer.Json With Contrib Modules 安全漏洞

Drupal Synchronize composer.Json With Contrib Modules is a module management plugin for the Drupal community. A security vulnerability exists in Drupal Synchronize composer.Json With Contrib Modules, which stems from an issue when synchronizing composer.Json with contributed modules...

PT-2025-41619

Name of the Vulnerable Software and Affected Versions Drupal Protected Pages versions 0.0.0 through 1.7.9 Description A flaw exists in Drupal Protected Pages that allows for excessive authentication attempts, potentially leading to brute force attacks. This issue impacts the Protected Pages modul...

Drupal Owl Carousel 2 安全漏洞

Drupal Owl Carousel 2 is a plugin for the Drupal community. A security vulnerability exists in Drupal Owl Carousel 2. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vendor announcement...

PT-2025-41616

Name of the Vulnerable Software and Affected Versions Drupal Authenticator Login versions prior to 2.1.8 Description An authentication bypass issue exists in Drupal Authenticator Login. This allows attackers to bypass authentication mechanisms by utilizing an alternate path or channel...

Drupal Facets 安全漏洞

Drupal Facets is a browser plugin for the Drupal community. A security vulnerability exists in Drupal Facets version 0.0.0 up to and including version 2.0.10 and version 3.0.0 up to and including version 3.0.1, which stems from a lack of authorization and could lead to a forced browsing attack...

Drupal Protected Pages 安全漏洞

Drupal Protected Pages is a page locking plugin for the Drupal community. A security vulnerability exists in Drupal Protected Pages versions prior to 1.8.0, which stems from an unrestricted number of authentication attempts that could lead to a brute force attack...

Drupal Authenticator Login 安全漏洞

Drupal Authenticator Login is a Drupal community authentication login module or feature for Drupal. A security vulnerability exists in Drupal Authenticator Login version 0.0.0 through versions prior to 2.1.8 that stems from bypassing authentication using an alternate path or channel, which could...

Drupal Facets 安全漏洞

Drupal Facets is a browser plugin for the Drupal community. A security vulnerability exists in Drupal Facets versions 0.0.0 through 2.0.10 and 3.0.0 through 3.0.1, which stems from improper input neutralization during web page generation and could lead to a cross-site scripting attack...

PT-2025-41618

Name of the Vulnerable Software and Affected Versions Drupal Facets versions prior to 2.0.10 Drupal Facets versions prior to 3.0.1 Description A flaw exists in Drupal Facets that allows for Cross-Site Scripting XSS. This occurs due to improper neutralization of input during web page generation. T...

PT-2025-41622

Name of the Vulnerable Software and Affected Versions Drupal Owl Carousel 2 affected versions not specified Description A flaw exists in Drupal Owl Carousel 2. The specific nature of the issue is not detailed in the provided information. Recommendations At the moment, there is no information abou...

PT-2025-41502

Name of the Vulnerable Software and Affected Versions drupal-pattern-lab/unified-twig-extensions versions 0.0.0 through 1.1.0 Description The package contains a Cross-site Scripting XSS issue because of inadequate data filtering. This is only exploitable when the code runs outside of Drupal, as t...

Drupal Unified Twig Extensions 安全漏洞

Drupal Unified Twig Extensions is a plugin for the Drupal community. A security vulnerability exists in Drupal Unified Twig Extensions that stems from insufficient data filtering and could lead to a cross-site scripting attack...