5.3
CVE-2025-9552 - Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102
Vulnerability in Drupal Synchronize composer.json With Contrib Modules. This issue affects Synchronize composer.json With Contrib Modules: *.*.
6.5
CVE-2025-9551 - Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force. This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5.
6.1
CVE-2025-9550 - Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS). This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
6.5
CVE-2025-9549 - Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing. This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
8.8
CVE-2025-8093 - Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass. This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
8.7
CVE-2025-62159 - External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously retrieve…
6.1
CVE-2025-52647 - HCL BigFix WebUI is affected by a host header poisoning vulnerability
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
6.1
CVE-2025-52885 - GHSL-2025-042: Poppler has Use-After-Free
Poppler is a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in Poppler versions prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, whic…
5.5
CVE-2025-61912 - python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to c…
5.5
CVE-2025-61911 - python-ldap has sanitization bypass in ldap.filter.escape_filter_chars
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` param…