PT-2026-44140
Description: symfony/dom-crawler provides the Crawler class for navigating HTML/XML documents with CSS/XPath selectors; symfony/browser-kit's HttpBrowser uses it to parse fetched pages. Crawler::addXmlContent sets DOMDocument::$validateOnParse = true before calling loadXML. Setting validateOnParse...
CVE-2026-36762
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations...
EUVD-2004-2406
Malware in sbrugna...
EUVD-2024-51489
Malicious code in bioql PyPI...
EUVD-2024-51451
Malicious code in bioql PyPI...
CVE-2024-13276
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity fieldable files allows Forceful Browsing. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.39...
CVE-2024-13276
CVE-2024-13276 affects Drupal File Entity (fieldable files) versions 7.X-* before 7.X-2.39. The vulnerability allows insertion of sensitive information into sent data, enabling forceful browsing and potential disclosure of protected data. Root cause details point to how files are stored and expos...
CVE-2024-13276 File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity fieldable files allows Forceful Browsing. This issue affects File Entity fieldable files: from 7.X- before 7.X-2.39...
CVE-2024-13237
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity fieldable files allows Cross-Site Scripting (XSS). This issue affects File Entity fieldable files: from 7.X- before 7.X-2.38...
CVE-2024-13237
CVE-2024-13237 affects Drupal File Entity (fieldable files). The vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS) for File Entity versions 7.X-* up to but not including 7.X-2.38. The issue is discussed in SA-CONTRIB-2024-00...
CVE-2024-13237 File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONTRIB-2024-001
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity fieldable files allows Cross-Site Scripting (XSS). This issue affects File Entity fieldable files: from 7.X- before 7.X-2.38...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal File Entity versions 7.X- through 7.X-2.38, which stems from improper input neutralization during page generation, resulting in a cross-site scriptin...
PT-2025-1041 · Drupal · File Entity
Name of the Vulnerable Software and Affected Versions: File Entity versions 7.X- through 7.X-2.38. Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS) attacks. This can enable a remote attacker to bypass security...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal File Entity fieldable files versions 7.X- through 7.X-2.39, which stems from the inclusion of a sensitive information disclosure issue...
File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040
This module enables you to store and manage both private and public files, provides the ability to add fieldable metadata for fileentity bundle types in addition to core filemanaged data. The module doesn't sufficiently ensure that folders exist within the private destination prior to writing to...
Drupal File Entity (fieldable files) module < 7.x-2.39 - Authenticated Sensitive Data Exposure vulnerability
Authenticated Sensitive Data Exposure vulnerability discovered by Devin Zuczek in WordPress Module File Entity fieldable files versions 7.x-2.39...