15 matches found
EUVD-2026-15423
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
CVE-2026-1917
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
CVE-2026-1917
The Drupal Login Disable module is reported to allow login without the required access key via the HTTP request login route: the module does not check the access key on that route, enabling login without the key. This vulnerability is described in OSV-DRUPAL-CONTRIB-2026-008 and PT-2026-6544; no ...
CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
CVE-2026-1917 Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3...
DRUPAL-CONTRIB-2026-026
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...
CVE-2025-13986
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3...
CVE-2025-13982
CVE-2025-13982 describes a CSRF vulnerability in the Drupal Login Time Restriction module. Affected are versions prior to 1.0.3, where the module does not sufficiently protect its confirmation/logout routes from CSRF. Impact: an attacker could perform actions on behalf of authenticated users. Rem...
PT-2026-5201
Name of the Vulnerable Software and Affected Versions Drupal Login Time Restriction versions prior to 1.0.3 Description A Cross-Site Request Forgery CSRF issue exists in the Login Time Restriction module. This allows attackers to perform actions on behalf of authenticated users without their...
DRUPAL-CONTRIB-2025-124
This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...
EUVD-2024-51521
Malicious code in bioql PyPI...
CVE-2024-13309
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...
CVE-2024-13309
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...
CVE-2024-13309
CVE-2024-13309 affects the Drupal Login Disable module (versions 2.0.0–2.1.1). The root cause is improper authentication/incorrect access control, enabling a bypass of login protection intended by the module. The vulnerability could allow an attacker to log in or bypass restrictions for existing ...
CVE-2024-13309 Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1...