Lucene search
K

13925 matches found

OSV
OSV
added 2026/06/03 4:11 p.m.7 views

DRUPAL-CONTRIB-2026-040

This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...

5.9AI score
Exploits0References1
Veracode
Veracode
added 2026/06/03 9:56 a.m.9 views

Cross-Site Scripting (XSS)

drupal/googletag is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows an attacker to inject and execute malicious scripts in a victim's browser through crafted input...

4.8CVSS5.5AI score0.00203EPSS
Exploits0References2Affected Software1
Drupal
Drupal
added 2026/06/03 12:0 a.m.11 views

LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

5.8AI score
Exploits0References2
Packet Storm
Packet Storm
added 2026/06/02 12:0 a.m.57 views

📄 Drupal core 10.5.5 SQL Injection

This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON:API filter array keys influence SQL query construction, allowing database information disclosure through SQL error messages. Exploit Title: Drupal Co...

9.8CVSS6.1AI score0.84631EPSS
Exploits13
Exploit DB
Exploit DB
added 2026/06/01 12:0 a.m.57 views

Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...

9.8CVSS6AI score0.84631EPSS
Exploits13
GithubExploit
GithubExploit
added 2026/05/30 10:3 a.m.115 views

Exploit for Improper Input Validation in Drupal

LAB 9-CVE-2018-7600 I. SYSTEM ANALYSIS Identify...

9.8CVSS7.5AI score0.99993EPSS
Exploits46
Veracode
Veracode
added 2026/05/30 8:55 a.m.11 views

Missing Authorization

Drupal Authenticator Login is vulnerable to Missing Authorization. The vulnerability is due to improper authorization checks in the Authenticator Login component, which allows an attacker to perform forceful browsing and access restricted functionality or resources without proper authorization...

9.8CVSS5.4AI score0.00373EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/29 8:41 a.m.9 views

BIT-DRUPAL-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

9.8CVSS6.1AI score0.84631EPSS
Exploits13References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.11 views

EUVD-2026-33229

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.11 views

EUVD-2026-33228

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 11:16 p.m.10 views

CVE-2026-5343

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

7.4CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 11:16 p.m.12 views

CVE-2026-6816

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS0.00321EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/28 10:50 p.m.11 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 10:50 p.m.16 views

CVE-2026-6816

Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/28 10:48 p.m.47 views

CVE-2026-5343

CVE-2026-5343 affects the Drupal SAML SSO - Service Provider module. The issue is an improper check for unusual or exceptional conditions that enables privilege escalation. Affected versions are 0.0.0 up to, but not including, 3.1.4. The CVSSv3.1 vector indicates NETWORK attack, high complexity, ...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.8 views

Drupal SAML SSO - Service Provider 安全漏洞

Drupal SAML SSO – Service Provider is a Drupal Single Sign-On and SAML authentication module provided by the Drupal company. Versions of Drupal SAML SSO – Service Provider prior to 3.1.4 contained a security vulnerability. This vulnerability stemmed from improper exception condition checks, which...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Drupal TFA Basic Plugins 安全漏洞

Drupal TFA Basic Plugins is a set of Drupal two-factor authentication extensions developed by the Drupal company. Versions 7.x-1.0 to 7.x-1.2 of Drupal TFA Basic Plugins contain security vulnerabilities. These vulnerabilities stem from access bypass issues, which could allow users with...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44707

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1CVSS5.8AI score0.00321EPSS
Exploits1References3
OSV
OSV
added 2026/05/27 6:32 p.m.8 views

DRUPAL-CONTRIB-2026-038

The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...

6AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/27 10:26 a.m.88 views

Exploit for SQL Injection in Drupal

python3 c...

9.8CVSS5.8AI score0.84631EPSS
Exploits13
Rows per page
Query Builder