72077 matches found
EUVD-2026-43060
Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
EUVD-2026-43063
Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...
EUVD-2026-43114
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...
EUVD-2026-43050
Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...
EUVD-2026-43059
Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...
EUVD-2026-43056
Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...
MinIO Cluster Deployment - Information Disclosure
MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD. An attacker can potentially obtain sensitive...
Bonita Web 2021.2 - Authentication/Authorization Bypass
Bonita Web 2021.2 contains an authentication/authorization bypass vulnerability caused by an overly broad exclude pattern in RestAPIAuthorizationFilter, allowing unauthenticated users to access privileged API endpoints by appending ;i18ntranslation or /../i18ntranslation/ to the URL. id:...
Modoboa < 2.1.0 - Improper Authorization
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. id: CVE-2023-2227 info: name: Modoboa 2.1.0 - Improper Authorization author: ritikchaddha,princechaddha severity: critical description: | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. impact:...
QNAP HBS 3 - Broken Access Control
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...
Keycloak - Open Redirect
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
CVE-2026-58590
FlowDrop (Drupal module) has a Missing Authorization vulnerability that allows Forceful Browsing, affecting FlowDrop versions 0.0.0 through 1.6.0. The Drupal SA-CONTRIB-2026-068 advisory and related records describe an access-bypass weakness involving workflow administration permissions (Administ...
CVE-2026-58589
CVE-2026-58589 concerns the Drupal FlowDrop module, where a missing authorization vulnerability enables forceful browsing/bypass of access controls. Affected are FlowDrop versions 0.0.0 through 1.6.0. The connected documents identify the issue as an access-bypass through inadequate permission enf...
CVE-2026-13241
The CVE-2026-13241 entry concerns Drupal Paragraphs with a Missing Authorization vulnerability that enables Forceful Browsing. Affected product/version: Paragraphs modules from 0.0.0 up to 1.21.0. Root cause: insufficient access control on direct child paragraphs, enabling unauthorized access to ...
CVE-2026-13239
CVE-2026-13239 is a Missing Authorization vulnerability in Drupal WissKI affecting WissKI versions 0.0.0 through 4.2.0. The issue permits Forceful Browsing due to insufficient access checks in the wisski_mirador submodule, which also enables image annotation features via the Mirador viewer. Publi...
CVE-2026-13237
The CVE-2026-13237 entry describes an Incorrect Authorization vulnerability in Drupal AI Agents that enables forceful browsing and potential information disclosure. Affected are Drupal AI Agents versions: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. Root cause is improper access control within the ...
CVE-2026-13236
CVE-2026-13236 affects the Drupal AI Agents module. The issue is a Missing Authorization vulnerability that permits forceful browsing due to insufficient permission checks when a tool loads content entities. Affected versions are: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. The root cause is inade...
CVE-2026-13235
The CVE-2026-13235 entry concerns Drupal AI (Artificial Intelligence) module with Missing Authorization allowing forceful browsing. Affected versions are 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. Connected sources (NVD, CVE listings, and Drupal SA) confirm a product/component level exposure whe...
CVE-2026-11909
CVE-2026-11909 concerns a missing authorization vulnerability in the Drupal Examples for Developers project, specifically in the file handling behavior exposed by the file_example submodule. The issue enables forceful browsing by allowing access to files PHP can reach, across Examples for Develop...
CVE-2026-10768
CVE-2026-10768 describes a Missing Authorization vulnerability in Drupal LocalGov Workflows that allows forceful browsing. Affected are LocalGov Workflows versions 0.0.0 to 1.6.0. The root cause is insufficient access controls that expose a view of Service Contacts, leading to potential informati...