9.1
CVE-2024-13242 - Swift Mailer - Moderately critical - Access bypass - SA-CONTRIB-2024-006
Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*.
9.1
CVE-2024-13241 - Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5.
7.5
CVE-2024-13240 - Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004
Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.05.
9.8
CVE-2024-13239 - Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
5.4
CVE-2024-13238 - Typogrify - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-002
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS). This issue affects Typogrify: from 0.0.0 before 1.3.0.
8.2
CVE-2025-21598 - Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packe…
An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: J…
5.4
CVE-2024-13237 - File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONT…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS). This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38.
2.1
CVE-2025-22149 - JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use …
9.1
CVE-2025-21628 - Chatwoot has a Blind SQL-injection in Conversation and Contacts filters
Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by addin…
7.1
CVE-2025-21600 - Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed …
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS)…