Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in flexcubed PitchPrint pitchprint allows Path Traversal.This issue affects PitchPrint: from n/a through

Mattermost versions 11.4.x

GitLab has remediated an issue in GitLab EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to access API tokens of...

Incorrect privilege assignment vulnerability in HYPR Server allows Privilege Escalation.This issue affects HYPR Server: from 10.5.1 before 10.7. More information : https://www.hypr.com/trust-center/security-advisories

Improper Neutralization of Input During Web Page Generation (“Cross-site Scripting”) vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2. More information : https://www.drupal.org/sa-contrib-2026-019

Improper Neutralization of Input During Web Page Generation (“Cross-site Scripting”) vulnerability in Drupal SAML SSO – Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO – Service Provider: from 0.0.0 before 3.1.3. More...

Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1. More information : https://www.drupal.org/sa-contrib-2026-017

Improper Neutralization of Input During Web Page Generation (“Cross-site Scripting”) vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS).This issue affects Islandora: from 0.0.0 before 2.17.5. More information : https://www.drupal.org/sa-contrib-2026-016

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10. More information : https://www.drupal.org/sa-contrib-2026-015

Improper Neutralization of Input During Web Page Generation (“Cross-site Scripting”) vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0. More information : https://www.drupal.org/sa-contrib-2026-014

Improper Neutralization of Input During Web Page Generation (“Cross-site Scripting”) vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.49. More information : https://www.drupal.org/sa-contrib-2026-013

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1. More information : https://www.drupal.org/sa-contrib-2026-012

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4. More information : https://www.drupal.org/sa-contrib-2026-011

Improper Neutralization of Input During Web Page Generation (“Cross-site Scripting”) vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS).This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1. More information :...