EUVD-2026-15423

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...

CVE-2026-1917

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...

CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...

CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...

CVE-2026-1917

The CVE concerns Drupal Login Disable allowing an authentication bypass via an alternate path/channel. Affected software is the Login Disable module for Drupal, with versions prior to 2.1.3 vulnerable. The underlying issue is a functionality bypass when using alternative paths or channels to auth...

DRUPAL-CONTRIB-2026-026

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...

CVE-2025-13986

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3...

CVE-2025-13982

CVE-2025-13982 describes a CSRF vulnerability in the Drupal Login Time Restriction module. Affected are versions prior to 1.0.3, where the module does not sufficiently protect its confirmation/logout routes from CSRF. Impact: an attacker could perform actions on behalf of authenticated users. Rem...

PT-2026-5201

Name of the Vulnerable Software and Affected Versions Drupal Login Time Restriction versions prior to 1.0.3 Description A Cross-Site Request Forgery CSRF issue exists in the Login Time Restriction module. This allows attackers to perform actions on behalf of authenticated users without their...

DRUPAL-CONTRIB-2025-124

This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...

EUVD-2024-51521

Malicious code in bioql PyPI...

CVE-2024-13309

Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...

CVE-2024-13309

Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...

CVE-2024-13309 Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073

Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...

CVE-2024-13309

CVE-2024-13309 affects the Drupal Login Disable module (versions 2.0.0–2.1.1). The root cause is improper authentication/incorrect access control, enabling a bypass of login protection intended by the module. The vulnerability could allow an attacker to log in or bypass restrictions for existing ...