Lucene search
K

464 matches found

OSV
OSV
added 4 days ago2 views

CVE-2026-15085 AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS6.1AI score0.00254EPSS
Exploits0References5
OSV
OSV
added 4 days ago1 views

CVE-2026-15080 Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

4.3CVSS6.1AI score0.00119EPSS
Exploits0References5
CVE
CVE
added 4 days ago20 views

CVE-2026-13244

CVE-2026-13244 affects the Drupal integration module Tealium iQ Tag Management. The issue arises from how the module stores data in the PHP-serialized field tealiumiq, which can lead to an Object Injection vulnerability when serialized data is unserialized. Affected versions are Tealium iQ Tag Ma...

8.1CVSS6.1AI score0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13244 Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...

0.00417EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-13231

Summary: CVE-2026-13231 affects Drupal Advanced Content Feedback (admin_feedback). The issue is improper neutralization of input during web page generation, causing a Stored XSS vulnerability. The vulnerable component is the admin_feedback module, with affected versions 0.0.0 through 2.8.0. The r...

6.1CVSS6.1AI score0.00161EPSS
Exploits0References1
OSV
OSV
added 6 days ago3 views

DRUPAL-CONTRIB-2026-075

This module enables you to use Single Directory Components in site building views, field formatters, blocks, layouts and it improves the Developer Experience DX with SDC. The module doesn't sufficiently sanitize the markup passed to components under certain scenarios. This vulnerability is...

5.4CVSS6AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 3:27 p.m.4 views

DRUPAL-CONTRIB-2026-064

The Tealium iQ Tag Management module provides Drupal integration with Tealium iQ. tealiumiq stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an Object Injection vulnerability when the data are unserialized. This...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:43 p.m.4 views

DRUPAL-CONTRIB-2026-061

The optional Paragraphs Library module allows the reuse of paragraphs in multiple places. The module doesn't sufficiently restrict access to direct child paragraphs of library items through API endpoints. This vulnerability is mitigated by the fact the paragraphs\library module must be in use and...

6.5CVSS5.8AI score0.00132EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:40 p.m.4 views

DRUPAL-CONTRIB-2026-058

This module enables you to take payments through the Global Payments / Realex Hosted Payment Page HPP, either via a lightbox iframe or via a full-page redirect. When the gateway is configured with the redirect payment method, the module doesn't sufficiently verify the authenticity of the payment...

4.8CVSS5.9AI score0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:37 p.m.3 views

DRUPAL-CONTRIB-2026-055

This module enables you to utilize an agent to use Drupal core actions tools with bypassed access. Certain Drupal core actions, exposed as agent tools did not have correct access validation, and some core actions were missing associated access-level definitions. This vulnerability is mitigated by...

3.3CVSS5.8AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:35 p.m.5 views

DRUPAL-CONTRIB-2026-052

This module enables you to collect feedback from your site visitors on content pages, allowing them to optionally attach a free-text comment to their Yes/No vote. The module doesn't sufficiently verify authorization over the targeted feedback record when processing a comment submission. This...

3.1CVSS5.8AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:32 p.m.5 views

DRUPAL-CONTRIB-2026-051

This module enables you to collect feedback from your site visitors on content pages, presenting Yes/No buttons and providing dashboards for administrators to review the responses. The module doesn't sufficiently sanitize several administrator-configured response messages the "Yes response", "No...

6.1CVSS5.8AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52177

Name of the Vulnerable Software and Affected Versions Tealium iQ Tag Management versions 0.0.0 through 2.4.0 Description Improperly controlled modification of dynamically-determined object attributes in the Tealium iQ Tag Management module allows for Object Injection. This occurs because the...

6.1AI score0.00417EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 6:38 p.m.6 views

DRUPAL-CONTRIB-2026-048

The Formatter Field module provides a mechanism for specifying a formatter and formatter settings to be used for displaying a field, on a per-entity basis. formatterfield stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can...

9.8CVSS5.5AI score0.00173EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/10 12:0 a.m.14 views

Composer - Critical - Unsupported - SA-CONTRIB-2026-046

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

5.3AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48592

Name of the Vulnerable Software and Affected Versions Examples for Developers versions 0.0.0 through 4.0.6 Description A missing authorization issue allows forceful browsing. Specifically, the "Read from a file" feature within the file example submodule can be used to expose any file that PHP can...

6.1AI score0.00142EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 4:13 p.m.10 views

DRUPAL-CONTRIB-2026-041

The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting XSS. This vulnerability is mitigated by the fact that it only affects installations with Checkout commercecheckout enabled, and the "Comments"...

5.8AI score0.00161EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/03 12:0 a.m.15 views

LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

5.8AI score0.00142EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Drupal SAML SSO - Service Provider 安全漏洞

Drupal SAML SSO – Service Provider is a Drupal Single Sign-On and SAML authentication module provided by the Drupal company. Versions of Drupal SAML SSO – Service Provider prior to 3.1.4 contained a security vulnerability. This vulnerability stemmed from improper exception condition checks, which...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References2
Drupal
Drupal
added 2026/05/27 12:0 a.m.24 views

Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038

The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...

6AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder