6.3
CVE-2025-62257 -
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to โฆ
7.5
CVE-2025-12466 - Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.
6.1
CVE-2025-12083 - CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS).This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
7.5
CVE-2025-12082 - CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112
Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.
5.3
CVE-2025-10929 - Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
6.5
CVE-2025-10930 - Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.
3.8
CVE-2025-10931 - Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 before 1.0.1.
6.3
CVE-2025-10928 - Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.
6.1
CVE-2025-10927 - Plausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS).This issue affects Plausible tracking: from 0.0.0 before 1.0.2.
6.1
CVE-2025-10926 - JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS).This issue affects JSON Field: from 0.0.0 before 1.5.