Drupal

NewsSecurity Vulnerabilities

Exploitation of Critical SQL Injection Vulnerability in Drupal (CVE-2026-9082)

– A critical vulnerability in the Drupal content management system is being actively exploited, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalogue.

Read More
NewsSecurity Vulnerabilities

Drupal Full Path Disclosure Vulnerability [CVE-2024-45440]

CVE number = CVE-2024-45440 core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the

Read More
NewsSecurity Vulnerabilities

Drupal Out-of-band security update addresses two vulnerabilities in the third-party library Guzzle [CVE-2022-31042 and CVE-2022-31043]

CVE numbers = CVE-2022-31042 and CVE-2022-31043 Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external

Read More
NewsSecurity Vulnerabilities

Drupal releases security update to addresses a vulnerability in the third-party library Guzzle [CVE-2022-29248]

Drupal uses the third-party Guzzle library for handling HTTP requests and responses to external services. Guzzle has released a security update which

Read More
NewsSecurity Vulnerabilities

Drupal – Critical Arbitrary PHP code execution Vulnerability

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal.

Read More
NewsSecurity Vulnerabilities

Drupal Releases Security Updates – Third-party library CKEditor

The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations. Vulnerabilities

Read More
NewsSecurity Vulnerabilities

Drupal File Module Cross-Site Scripting Vulnerability [CVE-2019-6341]

CVE Number – CVE-2019-6341 A vulnerability in File module/subsystem of Drupal could allow an authenticated, remote attacker to conduct a cross-site scripting

Read More
NewsSecurity Vulnerabilities

Drupal EU Cookie Compliance module cross-site scripting vulnerability

This module addresses the General Data Protection Regulation (GDPR) that came into effect 25th May 2018, and the EU Directive

Read More
NewsSecurity Vulnerabilities

Drupal PHP built-in phar Stream Wrapper Remote Code Execution Vulnerability [CVE-2019-6339]

CVE Number – CVE-2019-6339 A vulnerability in the PHP built-in phar stream wrapper used in Drupal could allow an authenticated, remote attacker

Read More
NewsSecurity Vulnerabilities

Drupal core PEAR Archive_Tar Library Vulnerability [CVE-2019-6338]

CVE Number – CVE-2019-6338 A vulnerability in the Drupal core PEAR Archive_Tar library of Drupal Core could allow an authenticated, remote attacker

Read More