EUVD-2026-31377

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...

CVE-2026-4929

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

EUVD-2026-16420

In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...

CVE-2026-0748

CVE-2026-0748 affects the Drupal 7 Internationalization (i18n) module, specifically the i18n_node submodule. The vulnerability allows a user who has both Translate content and Administer content translations permissions to view and attach unpublished nodes via the translation UI and its autocompl...

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...

CVE-2026-0750

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2026-0750

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2026-0749

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

CVE-2026-0750

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

EUVD-2026-4876

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

CVE-2026-0750

CVE-2026-0750 describes an authentication bypass in the Drupal Commerce Paybox module on Drupal 7.x, caused by improper verification of a cryptographic signature. Affected products/components: Drupal Commerce Paybox for Drupal 7.x, specifically versions 7-x-1.0 through 7.X-1.5. The root cause is ...

CVE-2026-0750 Payment bypass in Commerce Paybox

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

EUVD-2026-4875

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2026-0750 Payment bypass in Commerce Paybox

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2025-14557 XSS in Drupal 7 Facebook Pixel Module

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...

Fedora 42 : drupal7 (2025-f8a08bb335)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f8a08bb335 advisory. - https://www.drupal.org/project/drupal/releases/7.99 - https://www.drupal.org/project/drupal/releases/7.100 -...

Fedora 41 : drupal7 (2025-d645721ca4)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d645721ca4 advisory. - https://www.drupal.org/project/drupal/releases/7.99 - https://www.drupal.org/project/drupal/releases/7.100 -...

Fedora 43 : drupal7 (2025-355d5aac01)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-355d5aac01 advisory. - https://www.drupal.org/project/drupal/releases/7.99 - https://www.drupal.org/project/drupal/releases/7.100 -...