Lucene search
K

173 matches found

Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55808 Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

0.0015EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55807 Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

0.00133EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-15084

The issue is a Stored XSS in Drupal UI Patterns (SDC in Drupal UI) caused by insufficient sanitization in versions 2.0.0–2.0.17. An attacker must have permissions to create/update content rendered by UI Patterns. Remediation: upgrade to a version later than 2.0.17.

5.4CVSS6.1AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15082 Siteimprove Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-073

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting XSS. This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1...

0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-15080 Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071

Cross-Site Request Forgery CSRF vulnerability in Drupal Ray Enterprise Translation allows Cross Site Request Forgery. This issue affects Ray Enterprise Translation versions: from 0.0.0 to 4.0.4, from 4.1.0 to 4.1.4, from 11.0.0 to 11.0.4...

0.00119EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-58587

CVE-2026-58587 affects Drupal Canvas (Canvas AI submodule). The issue is an improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). Affected versions include 0.0.0 through 1.4.2, 1.5.0 through 1.5.2, 1.6.0 through 1.6.1, and 1.7.0 through 1.7.1. Root ca...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

CVE-2026-58587 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References5
CVE
CVE
added 4 days ago26 views

CVE-2026-13243

CVE-2026-13243 describes a CSRF vulnerability in the Drupal Salesforce Suite where the OAuth handshake during interactive authentication is not properly validated, enabling an attacker to hijack the authorization token and bind the site to the attacker’s Salesforce account. Affected versions are ...

4.8CVSS6.1AI score0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

0.00142EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

CVE-2026-13237 AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.8CVSS6.1AI score0.00142EPSS
Exploits0References5
OSV
OSV
added 4 days ago5 views

CVE-2026-13235 AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

3.3CVSS6.1AI score0.00142EPSS
Exploits0References5
OSV
OSV
added 4 days ago2 views

CVE-2026-13233 OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

3.3CVSS6.1AI score0.00142EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-11909 Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...

0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-11908 Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52...

0.00161EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

CVE-2026-11908 Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52...

5.4CVSS6.1AI score0.00161EPSS
Exploits0References5
Drupal
Drupal
added 2026/06/03 12:0 a.m.15 views

LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039

This module configures default editorial workflows for LocalGov Drupal content types. It provides a Drupal content moderation workflow, a content approvals dashboard, content scheduling and content preview. The module doesn't sufficiently restrict access to a view of Service Contacts at which...

5.8AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 8:39 a.m.7 views

BIT-DRUPAL-2026-6367 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

6.1CVSS5.8AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 10:29 p.m.8 views

CVE-2026-8493 Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

5.8AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 10:28 p.m.41 views

CVE-2026-8491 Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 10:28 p.m.17 views

CVE-2026-6871

CVE-2026-6871 concerns the Drupal Obfuscate module. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation. Affected versions are from 0.0.0 up to, but not including, 2.0.2. The root cause is insufficient sanitization when obfuscated emails are pro...

6.1CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder