Vendor CVEs
Drupal
All CVEs
1,207 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6675 | 0.00 | — | 0.00 | Jun 26, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0… | |||
| CVE-2025-6674 | 0.00 | — | 0.00 | Jun 26, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3. | |||
| CVE-2025-5682 | 0.00 | — | 0.00 | Jun 26, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7. | |||
| CVE-2025-48922 | 0.00 | — | 0.00 | Jun 26, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16. | |||
| CVE-2025-48923 | 0.00 | — | 0.00 | Jun 26, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1. | |||
| CVE-2025-48915 | 0.00 | — | 0.00 | Jun 13, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15. | |||
| CVE-2025-48914 | 0.00 | — | 0.00 | Jun 13, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15. | |||
| CVE-2025-48919 | 0.00 | — | 0.00 | Jun 13, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0. | |||
| CVE-2025-48918 | 0.00 | — | 0.00 | Jun 13, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0. | |||
| CVE-2025-48916 | 0.00 | — | 0.00 | Jun 13, 2025 | Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13. | |||
| CVE-2025-48448 | 0.00 | — | 0.00 | Jun 11, 2025 | Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5. | |||
| CVE-2025-48446 | 0.00 | — | 0.00 | Jun 11, 2025 | Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3. | |||
| CVE-2025-48445 | 0.00 | — | 0.00 | Jun 11, 2025 | Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1. | |||
| CVE-2025-48013 | 0.00 | — | 0.00 | Jun 11, 2025 | Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0. | |||
| CVE-2025-48444 | 0.00 | — | 0.00 | Jun 11, 2025 | Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0. | |||
| CVE-2025-48012 | 0.00 | — | 0.00 | May 21, 2025 | Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0. | |||
| CVE-2025-48011 | 0.00 | — | 0.00 | May 21, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | |||
| CVE-2025-48010 | 0.00 | — | 0.00 | May 21, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0. | |||
| CVE-2025-48009 | 0.00 | — | 0.00 | May 21, 2025 | Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12. | |||
| CVE-2025-4416 | 0.00 | — | 0.00 | May 21, 2025 | Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2. | |||
| CVE-2025-4415 | 0.00 | — | 0.00 | May 21, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2. | |||
| CVE-2025-47710 | 0.00 | — | 0.00 | May 14, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | |||
| CVE-2025-47709 | 0.00 | — | 0.00 | May 14, 2025 | Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | |||
| CVE-2025-47708 | 0.00 | — | 0.00 | May 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | |||
| CVE-2025-47707 | 0.00 | — | 0.00 | May 14, 2025 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | |||
| CVE-2025-47706 | 0.00 | — | 0.00 | May 14, 2025 | Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. | |||
| CVE-2025-47705 | 0.00 | — | 0.00 | May 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through… | |||
| CVE-2025-47704 | 0.00 | — | 0.00 | May 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5. | |||
| CVE-2025-47703 | 0.00 | — | 0.00 | May 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14. | |||
| CVE-2025-47702 | 0.00 | — | 0.00 | May 14, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2. | |||
| CVE-2025-47701 | 0.00 | — | 0.00 | May 14, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0. | |||
| CVE-2025-3907 | 0.00 | — | 0.00 | Apr 23, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9. | |||
| CVE-2025-3904 | 0.00 | — | 0.00 | Apr 23, 2025 | Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: *.*. | |||
| CVE-2025-3903 | 0.00 | — | 0.00 | Apr 23, 2025 | Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*. | |||
| CVE-2025-3901 | 0.00 | — | 0.00 | Apr 23, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4. | |||
| CVE-2025-3900 | 0.00 | — | 0.00 | Apr 23, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3. | |||
| CVE-2025-3739 | 0.00 | — | 0.00 | Apr 16, 2025 | Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*. | |||
| CVE-2025-3738 | 0.00 | — | 0.00 | Apr 16, 2025 | Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*. | |||
| CVE-2025-3737 | 0.00 | — | 0.00 | Apr 16, 2025 | Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*. | |||
| CVE-2025-3736 | 0.00 | — | 0.00 | Apr 16, 2025 | Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*. | |||
| CVE-2025-3735 | 0.00 | — | 0.00 | Apr 16, 2025 | Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*. | |||
| CVE-2025-3733 | 0.00 | — | 0.00 | Apr 16, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1. | |||
| CVE-2025-3131 | 0.00 | — | 0.00 | Apr 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*. | |||
| CVE-2025-3475 | 0.00 | — | 0.00 | Apr 9, 2025 | Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0. | |||
| CVE-2025-3130 | 0.00 | — | 0.00 | Apr 2, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1. | |||
| CVE-2025-3129 | 0.00 | — | 0.00 | Apr 2, 2025 | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4. | |||
| CVE-2025-3062 | 0.00 | — | 0.00 | Mar 31, 2025 | Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*. | |||
| CVE-2025-3061 | 0.00 | — | 0.00 | Mar 31, 2025 | Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*. | |||
| CVE-2025-3060 | 0.00 | — | 0.00 | Mar 31, 2025 | Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*. | |||
| CVE-2025-3059 | 0.00 | — | 0.00 | Mar 31, 2025 | Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*. |
- CVE-2025-6675Jun 26, 2025risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0…
- CVE-2025-6674Jun 26, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3.
- CVE-2025-5682Jun 26, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7.
- CVE-2025-48922Jun 26, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16.
- CVE-2025-48923Jun 26, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1.
- CVE-2025-48915Jun 13, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
- CVE-2025-48914Jun 13, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.
- CVE-2025-48919Jun 13, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0.
- CVE-2025-48918Jun 13, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0.
- CVE-2025-48916Jun 13, 2025risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.
- CVE-2025-48448Jun 11, 2025risk 0.00cvss —epss 0.00
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
- CVE-2025-48446Jun 11, 2025risk 0.00cvss —epss 0.00
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
- CVE-2025-48445Jun 11, 2025risk 0.00cvss —epss 0.00
Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
- CVE-2025-48013Jun 11, 2025risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
- CVE-2025-48444Jun 11, 2025risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
- CVE-2025-48012May 21, 2025risk 0.00cvss —epss 0.00
Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.
- CVE-2025-48011May 21, 2025risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.
- CVE-2025-48010May 21, 2025risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.
- CVE-2025-48009May 21, 2025risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.
- CVE-2025-4416May 21, 2025risk 0.00cvss —epss 0.00
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2.
- CVE-2025-4415May 21, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2.
- CVE-2025-47710May 14, 2025risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
- CVE-2025-47709May 14, 2025risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
- CVE-2025-47708May 14, 2025risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
- CVE-2025-47707May 14, 2025risk 0.00cvss —epss 0.00
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
- CVE-2025-47706May 14, 2025risk 0.00cvss —epss 0.00
Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
- CVE-2025-47705May 14, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through…
- CVE-2025-47704May 14, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5.
- CVE-2025-47703May 14, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14.
- CVE-2025-47702May 14, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2.
- CVE-2025-47701May 14, 2025risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.
- CVE-2025-3907Apr 23, 2025risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.
- CVE-2025-3904Apr 23, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: *.*.
- CVE-2025-3903Apr 23, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*.
- CVE-2025-3901Apr 23, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4.
- CVE-2025-3900Apr 23, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.
- CVE-2025-3739Apr 16, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.
- CVE-2025-3738Apr 16, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.
- CVE-2025-3737Apr 16, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.
- CVE-2025-3736Apr 16, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.
- CVE-2025-3735Apr 16, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.
- CVE-2025-3733Apr 16, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.
- CVE-2025-3131Apr 9, 2025risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*.
- CVE-2025-3475Apr 9, 2025risk 0.00cvss —epss 0.00
Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0.
- CVE-2025-3130Apr 2, 2025risk 0.00cvss —epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1.
- CVE-2025-3129Apr 2, 2025risk 0.00cvss —epss 0.00
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4.
- CVE-2025-3062Mar 31, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.
- CVE-2025-3061Mar 31, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*.
- CVE-2025-3060Mar 31, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.
- CVE-2025-3059Mar 31, 2025risk 0.00cvss —epss 0.00
Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.
Page 4 of 25