| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*. |
| Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*. |
| Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*. |
| python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. |
| Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*. |
| Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*. |
| Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: *.*. |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9. |
| For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. |
| Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. |
| python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319. |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1. |
| Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. |
| Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0. |
| Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*. |
| Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*. |
