7.5
CVE-2025-63422 -
Incorrect access control in the Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to arbitrarily change the administrator username and password via sending a crafted GET request.
6.5
CVE-2025-57109 -
Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previously freed during actor import operations.
6.3
CVE-2025-62257 -
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to โฆ
7.5
CVE-2025-12466 - Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.
6.1
CVE-2025-12083 - CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS).This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
7.5
CVE-2025-12082 - CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
5.3
CVE-2025-10929 - Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
6.5
CVE-2025-10930 - Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.
3.8
CVE-2025-10931 - Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 before 1.0.1.
6.3
CVE-2025-10928 - Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.