CVE-2025-31674

HIGH Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-915
View all →

Vulnerability Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

Related Vulnerabilities

CVE-2022-48359

HIGH
CVSS:7.5(High)

The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.

CWE-9152022

CVE-2022-4068

HIGH
CVSS:7.6(High)

A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This ...

CWE-9152022

CVE-2021-32807

HIGH
CVSS:7.2(High)

The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the c...

CWE-9152021

CVE-2021-32811

HIGH
CVSS:7.2(High)

Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope ...

CWE-9152021

CVE-2024-3283

HIGH
CVSS:7.2(High)

A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint ...

CWE-9152024

CVE-2022-2625

HIGH
CVSS:8.0(High)

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an...

CWE-9152022