CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm•added yesterday•14 views

📄 Drupal core 10.5.5 SQL Injection

This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON:API filter array keys influence SQL query construction, allowing database information disclosure through SQL error messages. Exploit Title: Drupal Co...

Exploit DB•added 2 days ago•27 views

Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...

9.8CVSS6AI score0.13033EPSS

OSV•added 5 days ago•5 views

BIT-DRUPAL-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

RedhatCVE•added 2026/05/26 11:44 a.m.•8 views

Exploits10References3

CVE-2026-9082

A flaw was found in Drupal core. This vulnerability, identified as an SQL Injection CWE-89, allows a remote attacker to execute malicious SQL commands. By exploiting this, an attacker could potentially access, modify, or delete sensitive data within the database, leading to information disclosure...

CISA•added 2026/05/22 12:0 p.m.•3 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-9082link is external Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

In wildExploits10References6

VulnCheck KEV•added 2026/05/22 12:0 a.m.•17 views

VulnCheck KEV: CVE-2026-9082

9.8CVSS5.8AI score0.13033EPSS

In wildExploits10References4

CISA KEV Catalog•added 2026/05/22 12:0 a.m.•4 views

Drupal Core SQL Injection Vulnerability

Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API...

9.8CVSS6.7AI score0.13033EPSS

In wildExploits10

Imperva Blog•added 2026/05/21 8:54 p.m.•7 views

Imperva Customers Protected Against CVE-2026-9082 in Drupal Core

TL;DR:CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core that can be exploited by unauthenticated users against Drupal sites using PostgreSQL. The vulnerability affects Drupal’s database abstraction API and can allow specially crafted requests to trigger arbitrary SQL...

9.8CVSS6.3AI score0.13033EPSS

GithubExploit•added 2026/05/21 10:42 a.m.•182 views

Exploit for CVE-2026-9082

CVE-2026-9082 — Drupal Core PostgreSQL SQL Injection PoC...

6.5CVSS6.2AI score0.13033EPSS

OSV•added 2026/05/21 8:39 a.m.•2 views

BIT-DRUPAL-2026-6367 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

6.1CVSS5.8AI score0.00033EPSS

Exploits0References2

OSV•added 2026/05/21 8:39 a.m.•4 views

BIT-DRUPAL-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.6CVSS5.8AI score0.00052EPSS

Exploits0References2

OSV•added 2026/05/21 8:39 a.m.•2 views

BIT-DRUPAL-2026-6365 Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

6.1CVSS5.8AI score0.00033EPSS

Exploits0References2

NCSC•added 2026/05/21 7:55 a.m.•6 views

Flattening of vulnerability issues within the Drupal core

Drupal has identified a vulnerability in the Drupal core versions starting from 8.9.0, specifically versions 10.x and 11.x. The vulnerability involves SQL injection in the Drupal’s database abstraction API. As a result, unauthorized malicious actors can execute arbitrary SQL injections on sites...

9.8CVSS6.2AI score0.13033EPSS

Exploits10References1

GithubExploit•added 2026/05/21 4:30 a.m.•87 views

Exploit for CVE-2026-9082

CVE-2026-9082 Type: SQL Injection CWE-89 Affected Pr...

6.5CVSS6.1AI score0.13033EPSS

The Hacker News•added 2026/05/21 3:44 a.m.•14 views

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 o...

6.5CVSS6.4AI score0.13033EPSS

Snyk•added 2026/05/20 9:45 p.m.•6 views

SQL Injection

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to SQL Injection via the process that handles SQL queries. An attacker can execute arbitrary SQL commands by injecting specially...

9.8CVSS6.3AI score0.13033EPSS

NVD•added 2026/05/20 8:16 p.m.•8 views

CVE-2026-9082

9.8CVSS0.13033EPSS