9.8

CVSS3.1

CVE-2024-55638 - Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerabi…

📅 Published: Dec. 9, 2024, 11:26 p.m. 🔄 Last Modified: June 2, 2025, 4:23 p.m.

9.8

CVSS3.1

CVE-2024-55637 - Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulne…

📅 Published: Dec. 9, 2024, 11:25 p.m. 🔄 Last Modified: June 2, 2025, 4:23 p.m.

9.8

CVSS3.1

CVE-2024-55636 - Drupal core - Less critical - Gadget chain - SA-CORE-2024-006

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulne…

📅 Published: Dec. 9, 2024, 11:24 p.m. 🔄 Last Modified: June 2, 2025, 4:23 p.m.

6.1

CVSS3.1

CVE-2024-55635 - Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102.

📅 Published: Dec. 9, 2024, 11:23 p.m. 🔄 Last Modified: June 2, 2025, 4:22 p.m.

8.1

CVSS3.1

CVE-2024-55634 - Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004

A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

📅 Published: Dec. 9, 2024, 11:21 p.m. 🔄 Last Modified: June 2, 2025, 4:21 p.m.

5.4

CVSS3.1

CVE-2024-12393 - Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

📅 Published: Dec. 9, 2024, 11:20 p.m. 🔄 Last Modified: June 2, 2025, 4:21 p.m.

2.7

CVSS3.1

CVE-2024-12174 -

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

📅 Published: Dec. 9, 2024, 9:38 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2024-55601 - Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are using …

📅 Published: Dec. 9, 2024, 9:11 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-54151 - Directus allows unauthenticated access to WebSocket events and operations

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscri…

📅 Published: Dec. 9, 2024, 8:57 p.m. 🔄 Last Modified: Nov. 18, 2025, 9:39 p.m.

8.5

CVSS3.1

CVE-2024-54149 - Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and delet…

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allows users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such…

📅 Published: Dec. 9, 2024, 8:54 p.m. 🔄 Last Modified: June 24, 2025, 4:34 p.m.