13925 matches found
DRUPAL-CONTRIB-2026-040
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to an attacker being able to delete arbitrary cookies. This vulnerability is mitigated by the fact that an attacker needs ...
Cross-Site Scripting (XSS)
drupal/googletag is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows an attacker to inject and execute malicious scripts in a victim's browser through crafted input...
LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039
This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...
📄 Drupal core 10.5.5 SQL Injection
This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON:API filter array keys influence SQL query construction, allowing database information disclosure through SQL error messages. Exploit Title: Drupal Co...
Drupal Core 10.5.5 - Error-Based SQL Injection
Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...
Exploit for Improper Input Validation in Drupal
LAB 9-CVE-2018-7600 I. SYSTEM ANALYSIS Identify...
Missing Authorization
Drupal Authenticator Login is vulnerable to Missing Authorization. The vulnerability is due to improper authorization checks in the Authenticator Login component, which allows an attacker to perform forceful browsing and access restricted functionality or resources without proper authorization...
BIT-DRUPAL-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...
EUVD-2026-33229
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
EUVD-2026-33228
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...
CVE-2026-5343
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...
CVE-2026-6816
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
CVE-2026-6816 TFA Basic Plugins - Access Bypass
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
CVE-2026-6816
Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...
CVE-2026-5343
CVE-2026-5343 affects the Drupal SAML SSO - Service Provider module. The issue is an improper check for unusual or exceptional conditions that enables privilege escalation. Affected versions are 0.0.0 up to, but not including, 3.1.4. The CVSSv3.1 vector indicates NETWORK attack, high complexity, ...
Drupal SAML SSO - Service Provider 安全漏洞
Drupal SAML SSO – Service Provider is a Drupal Single Sign-On and SAML authentication module provided by the Drupal company. Versions of Drupal SAML SSO – Service Provider prior to 3.1.4 contained a security vulnerability. This vulnerability stemmed from improper exception condition checks, which...
Drupal TFA Basic Plugins 安全漏洞
Drupal TFA Basic Plugins is a set of Drupal two-factor authentication extensions developed by the Drupal company. Versions 7.x-1.0 to 7.x-1.2 of Drupal TFA Basic Plugins contain security vulnerabilities. These vulnerabilities stem from access bypass issues, which could allow users with...
PT-2026-44707
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...
DRUPAL-CONTRIB-2026-038
The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...
Exploit for SQL Injection in Drupal
python3 c...