CVE-2025-10928
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5. More information: https://www.drupal.org/sa-contrib-2025-108
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal Plausible tracking allows Cross-Site Scripting (XSS). This issue affects Plausible tracking: from 0.0.0 before 1.0.2. More information: https://www.drupal.org/sa-contrib-2025-107
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5. More information: https://www.drupal.org/sa-contrib-2025-106
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption. More information: https://go.dev/cl/709860
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. More information: https://go.dev/cl/709859
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. More information: https://go.dev/cl/709858
When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client) which is not escaped. More information: https://go.dev/cl/707776
Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains. More...
Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains....
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as “a=;”, an...
Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. More information: https://go.dev/cl/709856
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause...
Cryptographic validation of upgrade images could be circumvented by dropping a specifically crafted file into the upgrade ISO. More information: https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes). More information: https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124