13921 matches found
patch-to-exploit
patch-to-exploit Lab + PoC scripts for "30 minutes from patch...
CVE-2026-9082
A flaw was found in Drupal core. This vulnerability, identified as an SQL Injection (CWE-89), allows a remote attacker to execute malicious SQL commands. By exploiting this, an attacker could potentially access, modify, or delete sensitive data within the database, leading to information disclosure...
CVE-2026-4093
A flaw was found in the Drupal 7 Term Reference Tree module. This vulnerability, a type of stored Cross-Site Scripting (XSS), allows an authenticated attacker with permissions to edit or create taxonomy terms to inject malicious scripts. These scripts can execute when a user views a form containing...
PT-2026-43390
CISA added an actively exploited Drupal SQL injection to its KEV catalog and gave federal agencies until Wednesday evening to patch. If you're running Drupal in production and haven't patched CVE-2025-50329, you're exposed to trivial database compromise. No auth required. cybersecurity infosec...
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an...
GHSA-VCC8-PHRV-43WJ vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-7FXW-R6JV-74C8 vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-4J38-F5CW-54H7 vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-45VW-WH46-2VX8 vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46633 vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-7P85-W9PX-JPJP vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46640 vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-24X9-R6Q4-Q93W vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46638 vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46635 vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46628 vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2026-46634 vulnerabilities
Vulnerabilities for packages: drupal...
Exploit for CVE-2026-9082
CVE-2026-9082 — Drupal PostgreSQL SQL Injection Mass Scanner & E...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-9082 Drupal Core SQL Injection Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...
EUVD-2026-31377
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A (token display templates): When the Token module is enabled and token display templates are configured, attacker-controlled token output (e.g., term description) is rendered...