Drupal

NewsSecurity Vulnerabilities

Drupal Full Path Disclosure Vulnerability [CVE-2024-45440]

CVE number = CVE-2024-45440 core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the

Read More
NewsSecurity Vulnerabilities

Drupal Out-of-band security update addresses two vulnerabilities in the third-party library Guzzle [CVE-2022-31042 and CVE-2022-31043]

CVE numbers = CVE-2022-31042 and CVE-2022-31043 Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external

Read More
NewsSecurity Vulnerabilities

Drupal releases security update to addresses a vulnerability in the third-party library Guzzle [CVE-2022-29248]

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which

Read More
NewsSecurity Vulnerabilities

Drupal – Critical Arbitrary PHP code execution Vulnerability

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal.

Read More
NewsSecurity Vulnerabilities

Drupal Releases Security Updates – Third-party library CKEditor

The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations. Vulnerabilities

Read More
NewsSecurity Vulnerabilities

Drupal File Module Cross-Site Scripting Vulnerability [CVE-2019-6341]

CVE Number – CVE-2019-6341 A vulnerability in File module/subsystem of Drupal could allow an authenticated, remote attacker to conduct a cross-site scripting

Read More
NewsSecurity Vulnerabilities

Drupal EU Cookie Compliance module cross-site scripting vulnerability

This module addresses the General Data Protection Regulation (GDPR) that came into effect 25th May 2018, and the EU Directive

Read More
NewsSecurity Vulnerabilities

Drupal PHP built-in phar Stream Wrapper Remote Code Execution Vulnerability [CVE-2019-6339]

CVE Number – CVE-2019-6339 A vulnerability in the PHP built-in phar stream wrapper used in Drupal could allow an authenticated, remote attacker

Read More
NewsSecurity Vulnerabilities

Drupal core PEAR Archive_Tar Library Vulnerability [CVE-2019-6338]

CVE Number – CVE-2019-6338 A vulnerability in the Drupal core PEAR Archive_Tar library of Drupal Core could allow an authenticated, remote attacker

Read More
NewsSecurity News

New Attacks Targeting Drupal Websites

A new attack methodology has been identified which involves the Dirty COW and Drupalgeddon 2 vulnerabilities present in unpatched Drupal

Read More