CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...

Drupal Login Time Restriction security vulnerability

Drupal Login Time Restriction is a login time restriction plugin for the Drupal community. Versions of Drupal Login Time Restriction prior to 1.0.3 contained a security vulnerability, which was caused by a cross-site request forgeing issue, potentially allowing cross-site request forgeing attacks...

Drupal: Vulnerability in the Disabled Login Page

Drupal Disable Login Page is a content blocking plugin for the Drupal community. Versions of Drupal Disable Login Page prior to 1.1.3 contained a security vulnerability. This vulnerability stemmed from an authentication bypass mechanism, which could lead to unauthorized functionality...

CVE-2025-10931

CVE-2025-10931 corresponds to a Cross-Site Scripting (XSS) vulnerability in Drupal Umami Analytics. The connected sources confirm the flaw arises from improper neutralization of input during web page generation and affects Umami Analytics versions prior to 1.0.1 (e.g., 0.0.0 up to before 1.0.1). ...

Drupal AI SEO Link Advisor 安全漏洞

Drupal AI SEO Link Advisor is an AI model calling plugin for the Drupal community. A security vulnerability exists in Drupal AI SEO Link Advisor versions prior to 1.0.6 that stems from the presence of a server-side request forgery vulnerability...

WordPress plugin FG Drupal to WordPress 代码问题漏洞

WordPress FG Drupal to WordPress is a plugin tool for migrating Drupal website content to WordPress, which supports the import of basic content such as articles, images, etc., but the free version does not include the comment import function. WordPress FG Drupal to WordPress suffers from a...

EU Cookie Compliance 安全漏洞

EU Cookie Compliance is a web plugin for the Drupal community. A security vulnerability exists in EU Cookie Compliance versions prior to 1.26.0 that stems from improper input neutralization and could lead to a cross-site scripting attack...

Cross-site scripting vulnerability in Drupal plugin osf

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal plugin osf. The program fails to filter user-supplied input, allowing an attacker to construct a malicious web pa...