173 matches found
CVE-2026-55808 Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....
CVE-2026-55807 Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008
Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...
CVE-2026-15084
The issue is a Stored XSS in Drupal UI Patterns (SDC in Drupal UI) caused by insufficient sanitization in versions 2.0.0–2.0.17. An attacker must have permissions to create/update content rendered by UI Patterns. Remediation: upgrade to a version later than 2.0.17.
CVE-2026-15082 Siteimprove Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-073
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting XSS. This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1...
CVE-2026-15080 Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071
Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...
CVE-2026-58587
CVE-2026-58587 affects Drupal Canvas (Canvas AI submodule). The issue is an improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). Affected versions include 0.0.0 through 1.4.2, 1.5.0 through 1.5.2, 1.6.0 through 1.6.1, and 1.7.0 through 1.7.1. Root ca...
CVE-2026-58587 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...
CVE-2026-13243
CVE-2026-13243 describes a CSRF vulnerability in the Drupal Salesforce Suite where the OAuth handshake during interactive authentication is not properly validated, enabling an attacker to hijack the authorization token and bind the site to the attacker’s Salesforce account. Affected versions are ...
CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...
CVE-2026-13235 AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055
Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...
CVE-2026-13233 OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053
Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...
CVE-2026-11909 Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044
Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...
CVE-2026-11908 Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52...
CVE-2026-11908 Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52...
LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039
This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...
BIT-DRUPAL-2026-6367 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...
CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
CVE-2026-8491 Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...
CVE-2026-6871
CVE-2026-6871 concerns the Drupal Obfuscate module. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions are from 0.0.0 up to, but not including, 2.0.2. The root cause is insufficient sanitization when obfuscated emails are pro...