Drupal 8 Archives - Security Affairs

Drupal 8

Pierluigi Paganini February 23, 2018

Drupal addressed several vulnerabilities in Drupal 8 and 7

The Drupal development team addressed many vulnerabilities in both Drupal 8 and 7, including some flaws rated as “critical”. Drupal maintainers have fixed many vulnerabilities in Drupal 7 and 8, including some flaws rated as “critical.” One of the critical security vulnerabilities is related to partial cross-site scripting (XSS) prevention mechanisms that was addressed with Drupal 8.4.5 and 7.57 […]

Pierluigi Paganini August 17, 2017

Drupal maintainers fix several access bypass vulnerabilities in Drupal 8

Drupal maintainers this week released security updates to fix several access bypass vulnerabilities in Drupal 8. Update your installation. On Wednesday Drupal maintainers released security updates to fix several access bypass vulnerabilities in Drupal 8. The flaws affect several components, including the entity access system, the REST API and some views. The most severe vulnerability patched by Drupal 8.3.7 is a critical issue, tracked as CVE-2017-6925 that affects […]

Drupal 8

Drupal addressed several vulnerabilities in Drupal 8 and 7

Drupal maintainers fix several access bypass vulnerabilities in Drupal 8

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

QUICK LINKS

Drupal 8

Drupal addressed several vulnerabilities in Drupal 8 and 7

Drupal maintainers fix several access bypass vulnerabilities in Drupal 8

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

Subscribe to my email list and stay
up-to-date!