6 matches found

Positive Technologies
added 2026/03/04 12:0 a.m., 3 views

PT-2026-23114

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0. Description: A flaw exists in the OpenID Connect / OAuth client module that could allow for authentication bypass. Specifically, if a user successfully authenticates with their Identi...

AI score: 5.9, EPSS: 0.00079
Exploits: 0, References: 3

Positive Technologies
added 2026/03/04 12:0 a.m., 2 views

PT-2026-23113

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0. Description: A Server-Side Request Forgery (SSRF) issue exists in the OpenID Connect / OAuth client module of Drupal. This flaw stems from insufficient validation of data received from...

AI score: 5.7, EPSS: 0.0004
Exploits: 0, References: 3

Drupal
added 2026/03/04 12:0 a.m., 7 views

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00079
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2012-5449

Malware in sbrugna...

CVSS: 3.6, AI score: 6.4, EPSS: 0.00171
Exploits: 0, References: 5

RedhatCVE
added 2025/05/22 3:16 a.m., 4 views

CVE-2012-5557

The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain...

CVSS: 3.6, AI score: 6.9, EPSS: 0.00171
Exploits: 0, References: 1

OSV
added 2016/04/12 3:59 p.m., 5 views

CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array...

CVSS: 8.1, AI score: 8.3
Exploits: 0, References: 4