Drupal DrupalThe file download facility doesn't sufficiently sanitize file paths in certain situations. This may …
composer/drupal/coreDrupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
Oracle Primavera GatewayXSS in `*Text` options of the Datepicker widget
Oracle Primavera UnifierXSS in the `of` option of the `.position()` util
Oracle Primavera UnifierXSS in the `altField` option of the Datepicker widget
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraPEAR Archive_Tar Improper Link Resolution Vulnerability
Fedoraproject FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
composer/drupal/coreDrupal core Un-restricted Upload of File
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/drupal/drupalDrupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
Oracle REST Data ServicesPotential XSS vulnerability in jQuery
Oracle Banking Digital ExperiencePotential XSS vulnerability in jQuery
Fedoraproject FedoraAn access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Oracle Application Testing SuiteXSS, Input Validation
composer/drupal/coreDrupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004
composer/drupal/drupalPHAR stream wrapper Arbitrary PHP code execution
composer/drupal/drupalthird-party PEAR Archive_Tar library updates
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/drupal/coreDrupal Core Remote Code Execution Vulnerability
Debian Debian LinuxExternal link injection on 404 pages when linking to the current page.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalOpen redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update modul…
Drupal DrupalOpen redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.…
composer/drupal/coreFiles uploaded by anonymous users into a private file system can be accessed by other anonymous users
Drupal DrupalConfirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduc…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalSaving user accounts can sometimes grant the user all roles
Drupal DrupalBrute force amplification attacks via XML-RPC
Drupal DrupalFile upload access bypass and denial of service
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalSaving user accounts can sometimes grant the user all roles
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalOpen redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalOpen redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers…
Drupal DrupalDrupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password o…
Drupal DrupalOpen redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to…
Drupal DrupalDrupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted …
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.