Filters
Symfony TwigTwig may load a template outside a configured directory when using the filesystem loader
7.5
First published (updated )
composer/drupal/coreDrupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
7.5
First published (updated )
composer/drupal/coreDrupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/guzzlehttp/psr7Improper Input Validation in guzzlehttp/psr7
7.5
First published (updated )
Oracle Financial Services Analytical Applications InfrastructureCross-site Scripting in CKEditor4
5.4
First published (updated )
Oracle Financial Services Analytical Applications InfrastructureRegular expression Denial of Service in dialog plugin
7.5
First published (updated )
composer/drupal/coreUnder some circumstances, the Drupal core JSON:API module does not properly restrict access to certa…
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
First published (updated )
composer/symfony/http-foundationCVE-2018-14773: Remove support for legacy and risky HTTP headers
6.5
First published (updated )
composer/drupal/coreDrupal Core Remote Code Execution Vulnerability
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/drupal/coreEntity access bypass for entities that do not have UUIDs or have protected revisions.
9.8
First published (updated )
composer/drupal/coreREST API can bypass comment approval.
7.4
First published (updated )
composer/drupal/coreViews does not properly restrict access to the Ajax endpoint.
6.5
First published (updated )
composer/drupal/coreFiles uploaded by anonymous users into a private file system can be accessed by other anonymous users
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalIncorrect cache context on password reset page
7.5
First published (updated )
Drupal DrupalUsers without "Administer comments" can set comment visibility on nodes they can edit
4.3
First published (updated )
Drupal DrupalFull config export can be downloaded without administrative permissions
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalFile upload access bypass and denial of service
8.1
First published (updated )
composer/guzzlehttp/guzzleEnvironment Variable Injection
8.1
First published (updated )