Drupal - CVE CyberSecurity Database News

Sep 28, 2023 API Exploit GraphQL Drupal Core

CVE-2023-5256: Drupal JSON:API Module Error Backtrace Leakage Vulnerability

In this long read post, we will delve deep into a recent vulnerability found in Drupal's JSON:API module. This vulnerability, dubbed CVE-2023-5256,

Apr 26, 2023 Exploit Apache PHP Drupal Core

CVE-2022-25277: Critical Bypass Vulnerability in Drupal Core Sanitizing File Uploads

A critical security vulnerability (CVE-2022-25277) has been identified in Drupal Core, affecting systems utilizing file uploads with specific extensions. This vulnerability allows attackers to bypass

Apr 26, 2023 API Exploit Drupal Core

CVE-2022-25278: Incorrect Form Element Access Evaluation in Drupal Core Could Allow Unauthorized Data Alteration

Drupal, a popular open-source content management system, has a recent security vulnerability with its core form API. This vulnerability, CVE-2022-25278, affects situations where the Drupal

Apr 26, 2023 Drupal Core

CVE-2022-25275: Image Access Vulnerability in Non-public File Systems

A security vulnerability has been identified in the Drupal Image module. This vulnerability, CVE-2022-25275, allows unauthorized access to files not stored in the standard public