6.6
CVE-2025-3060 - Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005
Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile. This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.
5.3
CVE-2025-3059 - Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002
Vulnerability in Drupal Profile Private. This issue affects Profile Private: *.*.
4.8
CVE-2025-3036 - yzk2356911358 StudentServlet-JSP Student Management cross site scripting
A vulnerability, which was classified as problematic, was found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991. This affects an unknown part of the component Student Management Handler. The manipulation of the argument Name lead…
5.3
CVE-2025-3018 - SourceCodester Online Eyewear Shop Users.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has …
6.1
CVE-2025-31697 - Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS). This issue affects Formatter Suite: from 0.0.0 before 2.1.0.
6.1
CVE-2025-31696 - RapiDoc OAS Field Formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS). This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.
6.1
CVE-2025-31695 - Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS). This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0.
8.1
CVE-2025-31694 - Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023
Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.
6.6
CVE-2025-31693 - AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
8.1
CVE-2025-26683 - Azure Playwright Elevation of Privilege Vulnerability
Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.