CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7716 – Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091
https://notcve.org/view.php?id=CVE-2025-7716
21 Jul 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Real-time SEO for Drupal allows Cross-Site Scripting (XSS).This issue affects Real-time SEO for Drupal: from 2.0.0 before 2.2.0. • https://www.drupal.org/sa-contrib-2025-091 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48294 – WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2025-48294
16 Jul 2025 — Server-Side Request Forgery (SSRF) vulnerability in Kerfred FG Drupal to WordPress allows Server Side Request Forgery. This issue affects FG Drupal to WordPress: from n/a through 3.90.0. The FG Drupal to WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.90.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can ... • https://patchstack.com/database/wordpress/plugin/fg-drupal-to-wp/vulnerability/wordpress-fg-drupal-to-wordpress-plugin-3-90-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-6675 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082
https://notcve.org/view.php?id=CVE-2025-6675
26 Jun 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*. • https://www.drupal.org/sa-contrib-2025-082 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47710 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056
https://notcve.org/view.php?id=CVE-2025-47710
14 May 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-056 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47709 – Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055
https://notcve.org/view.php?id=CVE-2025-47709
14 May 2025 — Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-055 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47708 – Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
https://notcve.org/view.php?id=CVE-2025-47708
14 May 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-054 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47707 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053
https://notcve.org/view.php?id=CVE-2025-47707
14 May 2025 — Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-053 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-47706 – Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052
https://notcve.org/view.php?id=CVE-2025-47706
14 May 2025 — Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0. • https://www.drupal.org/sa-contrib-2025-052 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-3739 – Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040
https://notcve.org/view.php?id=CVE-2025-3739
16 Apr 2025 — Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*. • https://www.drupal.org/sa-contrib-2025-040 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3062 – Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010
https://notcve.org/view.php?id=CVE-2025-3062
31 Mar 2025 — Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*. • https://www.drupal.org/sa-contrib-2025-010 • CWE-287: Improper Authentication •