CVE-2025-12466

by | Nov 12, 2025

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.

CVE-2025-12083

by | Nov 12, 2025

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting (XSS).This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

CVE-2025-12082

by | Nov 12, 2025

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

CVE-2025-10931

by | Nov 12, 2025

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Umami Analytics allows Cross-Site Scripting (XSS).This issue affects Umami Analytics: from 0.0.0 before 1.0.1.

CVE-2025-10930

by | Nov 12, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0.
Exit mobile version