CVSS: 9.0EPSS: 0%CPEs: -EXPL: 1CVE-2025-21385 – Microsoft Purview Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-21385
09 Jan 2025 — A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. • https://github.com/Pauloxc6/CVE-2025-21385 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13281 – Monster Menus - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-045
https://notcve.org/view.php?id=CVE-2024-13281
09 Jan 2025 — Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. • https://www.drupal.org/sa-contrib-2024-045 • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13278 – Diff - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-042
https://notcve.org/view.php?id=CVE-2024-13278
09 Jan 2025 — Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. • https://www.drupal.org/sa-contrib-2024-042 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-13276 – File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040
https://notcve.org/view.php?id=CVE-2024-13276
09 Jan 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. • https://www.drupal.org/sa-contrib-2024-040 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13272 – Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036
https://notcve.org/view.php?id=CVE-2024-13272
09 Jan 2025 — Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. • https://www.drupal.org/sa-contrib-2024-036 • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13271 – Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035
https://notcve.org/view.php?id=CVE-2024-13271
09 Jan 2025 — Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. • https://www.drupal.org/sa-contrib-2024-035 • CWE-863: Incorrect Authorization •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13270 – Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034
https://notcve.org/view.php?id=CVE-2024-13270
09 Jan 2025 — Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1. • https://www.drupal.org/sa-contrib-2024-034 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13254 – REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018
https://notcve.org/view.php?id=CVE-2024-13254
09 Jan 2025 — Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1. • https://www.drupal.org/sa-contrib-2024-018 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 3.7EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22151 – Strawberry GraphQL has a type resolution vulnerability
https://notcve.org/view.php?id=CVE-2025-22151
09 Jan 2025 — This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. • https://github.com/strawberry-graphql/strawberry/commit/526eb82b70451c0e59d5a71ae9b7396f59974bd8 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13241 – Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
https://notcve.org/view.php?id=CVE-2024-13241
09 Jan 2025 — Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. • https://www.drupal.org/sa-contrib-2024-005 • CWE-285: Improper Authorization •