5.4
CVE-2025-36088 - IBM TS4500 cross-site scripting
IBM TS4500 1.11.0.0-D00, 1.11.0.1-C00, 1.11.0.2-C00, and 1.10.00-F00 web GUI is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosureβ¦
4.8
CVE-2025-43490 - HP Hotkey Support β Escalation of Privilege
A potential security vulnerability has been identified in the HPAudioAnalytics service included in the HP Hotkey Support software, which might allow escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.
2.6
CVE-2025-55285 - @backstage/plugin-scaffolder-backend Template Secret Leakage in Logs in Scaffolder When Using `fetcβ¦
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly redacted. If ${{ secrets.x }} is not passedβ¦
6.9
CVE-2025-7961 - KAP 3.6.0 - TCC Bypass
Improper Control of Generation of Code ('Code Injection') vulnerability in Wulkano KAP on MacOS allows TCC Bypass.This issue affects KAP: 3.6.0.
0.0
CVE-2025-8996 - Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.
0.0
CVE-2025-8995 - Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.
0.0
CVE-2025-8675 - AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095
Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6.
0.0
CVE-2025-8362 - GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0.
0.0
CVE-2025-8361 - Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0.
0.0
CVE-2025-8092 - COOKiES Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-092
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16.