
CVE-2025-3130 – Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029
https://notcve.org/view.php?id=CVE-2025-3130
02 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.1. • https://www.drupal.org/sa-contrib-2025-029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-3129 – Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028
https://notcve.org/view.php?id=CVE-2025-3129
02 Apr 2025 — Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.4. • https://www.drupal.org/sa-contrib-2025-028 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2025-3062 – Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010
https://notcve.org/view.php?id=CVE-2025-3062
31 Mar 2025 — Vulnerability in Drupal Drupal Admin LTE theme. This issue affects Drupal Admin LTE theme: *.*. • https://www.drupal.org/sa-contrib-2025-010 • CWE-287: Improper Authentication

CVE-2025-31697 – Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026
https://notcve.org/view.php?id=CVE-2025-31697
31 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS). This issue affects Formatter Suite: from 0.0.0 before 2.1.0. • https://www.drupal.org/sa-contrib-2025-026 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31696 – RapiDoc OAS Field Formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-025
https://notcve.org/view.php?id=CVE-2025-31696
31 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS). This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1. • https://www.drupal.org/sa-contrib-2025-025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31695 – Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024
https://notcve.org/view.php?id=CVE-2025-31695
31 Mar 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS). This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0. • https://www.drupal.org/sa-contrib-2025-024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-31694 – Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023
https://notcve.org/view.php?id=CVE-2025-31694
31 Mar 2025 — Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0. • https://www.drupal.org/sa-contrib-2025-023 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVE-2025-31693 – AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
https://notcve.org/view.php?id=CVE-2025-31693
31 Mar 2025 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. • https://www.drupal.org/sa-contrib-2025-022 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-31692 – AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
https://notcve.org/view.php?id=CVE-2025-31692
31 Mar 2025 — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. • https://www.drupal.org/sa-contrib-2025-021 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2025-31691 – OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020
https://notcve.org/view.php?id=CVE-2025-31691
31 Mar 2025 — Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing. This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. • https://www.drupal.org/sa-contrib-2025-020 • CWE-862: Missing Authorization