20172 matches found
PT-2026-56667
Name of the Vulnerable Software and Affected Versions Drupal Clean RESTful versions . Description A security issue exists in Drupal Clean RESTful. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2026-55075 Coder vulnerable to OIDC account takeover via email-based user matching and email_verified bypass
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, two flaws in Coder's OIDC login chained into account takeover. Email-based user matching fell back to linking by email without checking for an existing link...
Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064
The Tealium iQ Tag Management module provides Drupal integration with Tealium iQ. tealiumiq stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an Object Injection vulnerability when the data are unserialized. This...
DRUPAL-CONTRIB-2026-046
The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...
Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
PT-2026-48595
Name of the Vulnerable Software and Affected Versions Drupal Brute force attack protection versions . Description An issue exists in the Brute force attack protection module that allows for a brute force attack. Recommendations At the moment, there is no information about a newer version that...
Composer - Critical - Unsupported - SA-CONTRIB-2026-046
The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...
PT-2026-46353
Unauthenticated Local File Inclusion in Preservation = 1.10 versions...
PT-2026-46345
Subscriber SQL Injection in Events Schedule - WordPress Events Calendar Plugin = 2.7.2 versions...
PT-2026-46341
Unauthenticated Local File Inclusion in Food Drop = 1.3 versions...
PT-2026-46348
Subscriber Privilege Escalation in Genemy = 1.6.6 versions...
PT-2026-46342
Unauthenticated Local File Inclusion in Fortius = 2.3.0 versions...
PT-2026-46379
Unauthenticated Local File Inclusion in ITactics = 1.0 versions...
PT-2026-46387
Name of the Vulnerable Software and Affected Versions WP Meta Sort Posts versions prior to 1.0 Description The WP Meta Sort Posts plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a type of attack where an unauthorized user tricks a victim into performing actions they did not...
PT-2026-46347
Subscriber Broken Access Control in Genemy = 1.6.6 versions...
PT-2026-46335
Unauthenticated Local File Inclusion in CopyPress = 1.4.5 versions...
PT-2026-46374
Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...
PT-2026-46333
Unauthenticated Local File Inclusion in Iona = 1.0.8 versions...
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer requires GitHub sign-in, RedSun, an...
CVE-2026-32941
Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...