6.8
CVE-2025-31680 - Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery. This issue affects Matomo Analytics: from 0.0.0 before 1.24.0.
6.1
CVE-2025-31679 - Ignition Error Pages - Critical - Cross Site Scripting - SA-CONTRIB-2025-007
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting (XSS). This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4.
8.2
CVE-2025-31678 - AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CON…
Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.
8.8
CVE-2025-31677 - AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003
Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery. This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.
8.8
CVE-2025-31676 - Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-001
Weak Authentication vulnerability in Drupal Email TFA allows Brute Force. This issue affects Email TFA: from 0.0.0 before 2.0.3.
5.4
CVE-2025-31675 - Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. It …
7.5
CVE-2025-31674 - Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
4.6
CVE-2025-31673 - Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
6.1
CVE-2025-3057 - Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
4.8
CVE-2025-3017 - TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write
A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is possible to launch th…