CVE-2026-8491

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

CVE-2026-3525

Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing.This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...

EUVD-2026-15476

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

EUVD-2026-15465

Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4...

EUVD-2026-5339

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...

CVE-2026-0946

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting XSS.This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1...

CVE-2025-13979

Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2...

EUVD-2025-206439

Cross-Site Request Forgery CSRF vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...

EUVD-2025-36880

Drupal JSON Field is vulnerable to XSS...

CVE-2025-12082

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

CVE-2025-9551

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5...

EUVD-2025-14927

Malicious code in bioql PyPI...

CVE-2025-8361

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...

CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...

CVE-2025-8675 AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095

Server-Side Request Forgery SSRF vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6...

CVE-2025-8361

CVE-2025-8361 is a Missing Authorization vulnerability affecting Drupal Config Pages (plugin) prior to 2.18.0, leading to forced browsing of config pages. Affected component: Drupal Config Pages module (versions 0.0.0 through 2.17.9). Root cause: lack of proper authorization checks in config-page...

PT-2025-33501 · Drupal · Drupal Layout Builder Advanced Permissions

Name of the Vulnerable Software and Affected Versions: Drupal Layout Builder Advanced Permissions versions 0.0.0 through 2.1.9 Description: Missing authorization allows forceful browsing in Drupal Layout Builder Advanced Permissions. Recommendations: Update to version 2.2.0 or later...

PT-2025-33498 · Drupal · Drupal Config Pages

Name of the Vulnerable Software and Affected Versions: Drupal Config Pages versions 0.0.0 through 2.17.9 Description: Missing authorization allows forceful browsing of Config Pages. Recommendations: Update to version 2.18.0 or later...

PT-2025-33500 · Drupal · Drupal Authenticator Login

Name of the Vulnerable Software and Affected Versions: Drupal Authenticator Login versions 0.0.0 through 2.1.3 Description: An Authentication Bypass Using an Alternate Path or Channel issue exists in Drupal Authenticator Login, allowing for Authentication Bypass. Recommendations: Update to versio...