CVE-2025-31682 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Google Tag allows Cross-Site Scripting (XSS).This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.
Published: March 31, 2025; 6:15:20 PM -0400

CVE-2025-31683 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.
Published: March 31, 2025; 6:15:20 PM -0400

CVE-2025-31680 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0.
Published: March 31, 2025; 6:15:20 PM -0400

CVE-2025-31681 - Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing.This issue affects Authenticator Login: from 0.0.0 before 2.0.6.
Published: March 31, 2025; 6:15:20 PM -0400

CVE-2024-41511 - A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter.
Published: October 04, 2024; 2:15:08 PM -0400

CVE-2024-41512 - A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.
Published: October 04, 2024; 2:15:08 PM -0400

CVE-2024-41513 - A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.
Published: October 04, 2024; 2:15:08 PM -0400

CVE-2024-41514 - A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.
Published: October 04, 2024; 2:15:08 PM -0400

CVE-2024-41515 - A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.
Published: October 04, 2024; 2:15:08 PM -0400

CVE-2024-41516 - A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.
Published: October 04, 2024; 2:15:08 PM -0400

CVE-2024-46325 - TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url.
Published: October 07, 2024; 9:15:15 AM -0400

CVE-2025-45846 - ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the torrentsindex parameter in the formBTClinetSetting function.
Published: May 08, 2025; 12:15:26 PM -0400

CVE-2025-45847 - ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function.
Published: May 08, 2025; 12:15:27 PM -0400

CVE-2025-3475 - Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0.
Published: April 09, 2025; 2:15:51 PM -0400

CVE-2025-31675 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 1... read CVE-2025-31675
Published: March 31, 2025; 6:15:20 PM -0400

CVE-2025-31673 - Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
Published: March 31, 2025; 6:15:19 PM -0400

CVE-2024-55638 - Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is ex... read CVE-2024-55638
Published: December 09, 2024; 7:15:22 PM -0500

CVE-2024-55637 - Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that i... read CVE-2024-55637
Published: December 09, 2024; 7:15:22 PM -0500

CVE-2024-55636 - Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that i... read CVE-2024-55636
Published: December 09, 2024; 7:15:22 PM -0500

CVE-2024-55635 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.
Published: December 09, 2024; 7:15:22 PM -0500