
30 matches found

Vulnrichment
added last week · 6 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

CVSS 5.1 · AI score 5.8 · EPSS 0.00029
Exploits: 1 · References: 2
Cvelist
added 2026/05/21 9:48 p.m. · 23 views

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

CVSS 5.1 · EPSS 0.0003
Exploits: 1 · References: 2
Vulnrichment
added 2026/04/14 3:38 p.m. · 1 views

CVE-2026-39811

An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an attacker to cause a denial of service via...

CVSS 4.9 · AI score 5.8 · EPSS 0.00139
Exploits: 0 · References: 1
ATTACKERKB
added 2026/03/26 9:17 p.m. · 1 views

CVE-2026-0748

In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...

CVSS 5.3 · AI score 5.7 · EPSS 0.00035
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2026/03/11 4:16 p.m. · 0 views

CVE-2025-12690

Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation. This issue affects NGFW Engine through 6.10.19, through 7.3.0, through 7.2.4, through 7.1.10...

CVSS 7.8 · EPSS 0.0002
Exploits: 0 · References: 1
CVE
added 2026/01/28 6:56 p.m. · 6 views

CVE-2026-0749

Technical details, affected versions, and mitigation are not publicly provided in the supplied documents. Monitor for updates from official advisories and CVE entries.

CVSS 6.1 · AI score 5.9 · EPSS 0.00016
Exploits: 1 · References: 2 · Affected Software: 1
Vulnrichment
added 2026/01/28 6:56 p.m. · 1 views

CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS). This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

CVSS 4.8 · AI score 5.9 · EPSS 0.00016
Exploits: 1 · References: 2
RedhatCVE
added 2026/01/15 7:24 p.m. · 2 views

CVE-2025-14556

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS). This issue affects Flag: from 7.X-3.0 through 7.X-3.9...

CVSS 5.4 · AI score 5.8 · EPSS 0.00052
Exploits: 1 · References: 1
Cvelist
added 2026/01/14 6:40 p.m. · 18 views

CVE-2025-14557 XSS in Drupal 7 Facebook Pixel Module

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS. This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...

CVSS 4.8 · EPSS 0.00062
Exploits: 1 · References: 2
CVE
added 2026/01/14 6:38 p.m. · 7 views

CVE-2025-14556

CVE-2025-14556 is an XSS in the Drupal Flag module. Affected: Drupal Flag versions 7.X-3.0 through 7.X-3.9. Root cause: improper neutralization of input during web page generation. Impact: Cross-Site Scripting (XSS) vulnerability; attacker could inject scripts when users view pages. Exploitatio...

CVSS 5.4 · AI score 5.5 · EPSS 0.00052
Exploits: 1 · References: 2 · Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-11114

Malware in sbrugna...

CVSS 7.8 · AI score 7.6 · EPSS 0.00037
Exploits: 0 · References: 2
RedhatCVE
added 2025/05/22 7:17 p.m. · 3 views

CVE-2021-23006

On all 7.x and 6.x versions fixed in 8.0.0, undisclosed BIG-IQ pages have a reflected cross-site scripting vulnerability. Note: Software versions which have reached End of Software Development EoSD are not evaluated...

CVSS 6.1 · AI score 6.2 · EPSS 0.00351
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:32 a.m. · 4 views

CVE-2018-7603

In Drupal's 3rd party module search auto complete prior to versions 7.x-4.8 there is a Cross Site Scripting vulnerability. This Search Autocomplete module enables you to autocomplete textfield using data from your website nodes, comments, etc. The module doesn't sufficiently filter user-entered...

CVSS 6.1 · AI score 6 · EPSS 0.00266
Exploits: 0 · References: 1
CNNVD
added 2025/01/09 12:0 a.m. · 2 views

Drupal Security Vulnerability

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.4, which stems from the inclusion of an authorization error vulnerability...

CVSS 7.3 · AI score 6.8 · EPSS 0.00157
Exploits: 0 · References: 2
Positive Technologies
added 2024/11/20 12:0 a.m. · 3 views

PT-2024-10480 · Drupal · Node Export

Name of the Vulnerable Software and Affected Versions: Drupal Node export versions 7.X- through 7.X-3.2 Description: The issue is related to the deserialization of untrusted data in the Node export module of the Drupal CMS, which can lead to object injection. This allows a remote attacker to...

CVSS 7.1 · AI score 8.2 · EPSS 0.00226
Exploits: 0 · References: 6
Positive Technologies
added 2024/11/06 12:0 a.m. · 3 views

PT-2024-10484 · Drupal · Drupal Basic Http Authentication

Name of the Vulnerable Software and Affected Versions: Drupal Basic HTTP Authentication versions 7.X-1.0 through 7.X-1.3 Drupal Basic HTTP Authentication versions prior to 7.X-1.4 Description: The issue is related to insufficient authorization mechanisms in the Basic HTTP Authentication module of...

CVSS 7.5 · AI score 7.4 · EPSS 0.00157
Exploits: 0 · References: 5
Positive Technologies
added 2023/05/01 12:0 a.m. · 2 views

PT-2023-10825 · Drupal · Responsive Menu

Name of the Vulnerable Software and Affected Versions: Responsive Menus versions 7.x-1.x-dev through 7.x-1.6 Description: A vulnerability was found in the Responsive Menus module on Drupal, affecting the responsive menus admin form submit function of the responsive menus.module file. This issue...

CVSS 4.8 · AI score 6.6 · EPSS 0.00745
Exploits: 0 · References: 8
OpenVAS
added 2022/10/18 12:0 a.m. · 25 views

Grafana Privilege Escalation Vulnerability (GHSA-rhxj-gh46-jvw8)

Grafana is prone to a privilege escalation vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVSS 7.8 · AI score 8 · EPSS 0.00011
Exploits: 0 · References: 1
Prion
added 2018/08/29 1:29 p.m. · 16 views

Design/Logic Flaw

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server ATS. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users...

CVSS 4 · AI score 6.5 · EPSS 0.02594
Exploits: 0 · References: 7 · Affected Software: 2
CNVD
added 2016/08/20 12:0 a.m. · 3 views

Drupal Administration Views Module Access Privilege Bypass Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Administration Views is one of the modules used to replace the administration overview or list pages. An access rights bypass vulnerability exists in the Drupal Administration Views...

AI score 6.9
Exploits: 0 · References: 1