CVE-2009-4526

The Send by e-mail sub-module in the Print aka Printer, e-mail and PDF versions module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a "Send to friend" form...

CVE-2008-6836

Cross-site request forgery CSRF vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors...

Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125

This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery CSRF attacks, potentially allowin...

DRUPAL-CONTRIB-2025-118

The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...

DRUPAL-CONTRIB-2025-117

This module allows uploading a zip file and extracting its content in the public file directory to serve this content from a Drupal website. These zip files may contain arbitrary HTML or SVG content that could allow cross-site scripting vulnerabilities. While this is an expected feature, the modu...

Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123

This module enables you to deploy content from one Drupal website to another. The module provides some default configuration without sufficient access control. This vulnerability is mitigated by the fact that an administrator can add some default access control permission...

Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

This module allows uploading a zip file and extracting its content in the public file directory to serve this content from a Drupal website. These zip files may contain arbitrary HTML or SVG content that could allow cross-site scripting vulnerabilities. While this is an expected feature, the modu...

CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118

The module provides instant integration of the official CKEditor 5 Premium plugins into the Drupal editor configuration. This module has a path traversal vulnerability, which allows an access bypass to restricted image files in the system. This access bypass is possible for any account with a Vie...

Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124

This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...

DRUPAL-CONTRIB-2025-116

This module provides the ability to convert any entity form into a simple multi-step form. The module doesn’t sufficiently filter certain user-provided text leading to a cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

CVE-2025-12466

The issue CVE-2025-12466 affects Drupal Simple OAuth (OAuth2) & OpenID Connect module, specifically versions 6.0.0 through 6.0.6 (before 6.0.7). Root cause is an authentication bypass via an alternate path or channel, enabling bypass of login/authentication. Impact is authenticated bypass risk as...

CVE-2025-12082

Summary of CVE-2025-12082 : Affected software is the Drupal CivicTheme Design System. The root cause is an incorrect authorization check that enables forceful browsing. This vulnerability allows disclosure of information via UI components (cards) that render content the user should not access. Im...

Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114

This module introduces an OAuth 2.0 authorization server, which can be configured to protect your Drupal instance with access tokens, or allow clients to request new access tokens and refresh them. The module doesn't sufficiently respect granted scopes, it affects all access checks that are based...

Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by Adam Bramley acbramley in WordPress Module CivicTheme Design System versions 1.12.0...

Drupal CivicTheme Design System module < 1.12.0 - Unauthenticated Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure vulnerability discovered by Lee Rowlands larowlan in WordPress Module CivicTheme Design System versions 1.12.0...

EUVD-2012-2079

Malware in sbrugna...

EUVD-2009-2367

Malware in sbrugna...

EUVD-2008-4136

Malware in sbrugna...

EUVD-2009-2071

Malware in sbrugna...

EUVD-2013-4171

Malware in sbrugna...