
CVE-2025-7031 – Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
https://notcve.org/view.php?id=CVE-2025-7031
08 Jul 2025 — Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4. • https://www.drupal.org/sa-contrib-2025-086 • CWE-306: Missing Authentication for Critical Function

CVE-2025-7030 – Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
https://notcve.org/view.php?id=CVE-2025-7030
08 Jul 2025 — Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0. • https://www.drupal.org/sa-contrib-2025-085 • CWE-267: Privilege Defined With Unsafe Actions

CVE-2025-6677 – Paragraphs table - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-084
https://notcve.org/view.php?id=CVE-2025-6677
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Paragraphs table allows Cross-Site Scripting (XSS). This issue affects Paragraphs table: from 2.0.0 before 2.0.5. • https://www.drupal.org/sa-contrib-2025-084 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-6676 – Simple XML sitemap - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-083
https://notcve.org/view.php?id=CVE-2025-6676
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple XML sitemap allows Cross-Site Scripting (XSS). This issue affects Simple XML sitemap: from 0.0.0 before 4.2.2. • https://www.drupal.org/sa-contrib-2025-083 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-6675 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082
https://notcve.org/view.php?id=CVE-2025-6675
26 Jun 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*. • https://www.drupal.org/sa-contrib-2025-082 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2025-6674 – CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081
https://notcve.org/view.php?id=CVE-2025-6674
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS). This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3. • https://www.drupal.org/sa-contrib-2025-081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-5682 – Klaro Cookie & Consent Management - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-080
https://notcve.org/view.php?id=CVE-2025-5682
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS). This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7. • https://www.drupal.org/sa-contrib-2025-080 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-48921 – Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079
https://notcve.org/view.php?id=CVE-2025-48921
26 Jun 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery. This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13. • https://www.drupal.org/sa-contrib-2025-079 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2025-48922 – GLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078
https://notcve.org/view.php?id=CVE-2025-48922
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS). This issue affects GLightbox: from 0.0.0 before 1.0.16. • https://www.drupal.org/sa-contrib-2025-078 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-48923 – Toc.js - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-077
https://notcve.org/view.php?id=CVE-2025-48923
26 Jun 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS). This issue affects Toc.Js: from 0.0.0 before 3.2.1. • https://www.drupal.org/sa-contrib-2025-077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')