22 matches found
CVE-2026-3216
Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...
EUVD-2026-15476
Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...
CVE-2026-3216
Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...
CVE-2026-3216 Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...
CVE-2026-3216 Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...
CVE-2026-3216
CVE-2026-3216 affects Drupal Canvas module prior to 1.1.1. The privilege-requiring SSRF arises when the hidden Drupal Canvas AI submodule is enabled (often via Drupal Recipes or deployment scripts) and improper sanitization of user-supplied data in messages JSON payloads is exploited. An attacker...
Drupal Canvas 安全漏洞
Drupal Canvas is a page builder developed by the Drupal company. Versions of Drupal Canvas prior to 1.1.1 contained security vulnerabilities, which were due to susceptibility to server-side request forgeing attacks...
DRUPAL-CONTRIB-2026-017
This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...
PT-2026-22088
Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.1.1 Description A Server-Side Request Forgery SSRF issue exists in the Drupal Canvas module. The vulnerability is exposed when the hidden canvas ai submodule is enabled, typically through Drupal Recipes or...
Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553 Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
EUVD-2026-5339
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553
CVE-2026-1553 describes an Incorrect Authorization vulnerability in the Drupal Canvas module that enables forceful browsing of unpublished Canvas Pages. Affected versions are Drupal Canvas prior to 1.0.4. The underlying issue is insufficient access validation for unpublished Canvas Pages, allowin...
CVE-2026-1553 Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
Drupal Canvas 安全漏洞
Drupal Canvas is a page builder developed by the Drupal company. Versions of Drupal Canvas prior to 1.0.4 contained security vulnerabilities, which were due to improper authorization and could lead to forced browsing...
DRUPAL-CONTRIB-2026-006
This Drupal Canvas module is a new visual page builder for Drupal. You can create reusable components that match your design system, drag them onto a page, edit content in place, preview changes across multiple pages, and undo mistakes with ease. The module doesn't sufficiently validate access to...