229 matches found
CVE-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...
CVE-2026-9082
CVE-2026-9082 – Drupal Core PostgreSQL SQL Injection is a highly critical, unauthenticated SQLi in Drupal’s core database abstraction API. The flaw exists in the PostgreSQL-specific Entity Query Condition handling: the translateCondition() uses attacker-controlled JSON:API filter array keys to bu...
CVE-2025-8995 Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4...
Drupal Core Remote Code Execution Vulnerability
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical -...
PT-2024-2025
Name of the Vulnerable Software and Affected Versions: Progress OpenEdge Authentication Gateway versions prior to 11.7.19 Progress OpenEdge AdminServer versions prior to 11.7.19 Progress OpenEdge Authentication Gateway versions prior to 12.2.14 Progress OpenEdge AdminServer versions prior to...
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services rest module enabled and allows GET, PAT...
CVE-2018-7602 Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical -...
CVE-2018-7602 Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical -...
Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution...
Drupal 7.58 - Drupalgeddon3 (Authenticated) Remote Code (Metasploit)
Drupal 7.58 - Drupalgeddon3 Authenticated Remote Code Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote cod...
Drupalgeddon3 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution vulnerability exists within multiple subsystems of...
Drupalgeddon Two.
New Drupal Vulnerability in Detail By @aLLy The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user execute commands in the target system by means of a...
Drupal Issues Highly Critical Patch: Over 1M Sites Vulnerable
Drupal released a patch for a “highly critical” flaw in versions 6, 7 and 8 of its CMS platform that could allow an attacker to take control of an affected site simply by visiting it. Drupal also warned an unprivileged and untrusted attacker could modify or delete data hosted on affected CMS...
The vulnerability of Synaptics’ sensor screen driver in the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of Synaptics’ touchscreen display driver in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious applications on the touchscreen chipset. This issue is considered “highly...
The vulnerability of the Audioserver component of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability in the Android operating system’s Audioserver relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within a privileged process remotely. This issue is considered “highly critical” because it could be used to...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Qualcomm Android operating system’s Wi-Fi driver is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary local malware code within the kernel context. This issue is considered “highly critical” because it...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of Synaptics’ sensor screen driver in the Android operating system is related to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary local malware code within the kernel context. This issue is considered “highly critical”...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability related to privilege escalation of the HTC Android operating system’s audio codecs is linked to access control deficiencies. Exploiting this vulnerability allows a remote attacker to execute arbitrary local malware code within the kernel context. This issue is considered “highly...
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Drupal - pre-auth SQL Injection Vulnerability Release Date: 2014/10/15 Last Modified: 2014/10/15 Author: Stefan Horst stefan.horstatsektioneins.de Application: Drupal = 7.0 = 7.31 Severity: Full SQL injection, which results in...
Updated bash packages fix CVE-2014-6271
Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...