Lucene search
K

629 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43093

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

6.1AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 3 days ago5 views

CVE-2026-11913

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

9.8CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-11914

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

5.9CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-11915 Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

0.00153EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-15083

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

4.2CVSS6.1AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43390

CISA added an actively exploited Drupal SQL injection to its KEV catalog and gave federal agencies until Wednesday evening to patch. If you're running Drupal in production and haven't patched CVE-2025-50329, you're exposed to trivial database compromise. No auth required. cybersecurity infosec...

5.9AI score
Exploits0References1
Chainguard
Chainguard
added 2026/05/23 1:17 a.m.14 views

CVE-2026-46633 vulnerabilities

Vulnerabilities for packages: drupal...

5.8AI score0.00357EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/21 2:46 p.m.164 views

Exploit for CVE-2026-9082

CVE-2026-9082 / Drupal SA-CORE-2026-004 Proof of Concept...

6.5CVSS6.6AI score0.84631EPSS
Exploits14
Akamai Blog
Akamai Blog
added 2026/05/21 10:20 a.m.10 views

CVE-2026-9082: Mitigating a Critical SQL Injection Vulnerability in Drupal

Learn how the complex Drupal SQLi vulnerability CVE-2026-9082 exploits PostgreSQL environments and its data theft risks — and how to ensure you’re protected...

9.8CVSS5.8AI score0.84631EPSS
Exploits14
Vulnrichment
Vulnrichment
added 2026/05/19 10:28 p.m.8 views

CVE-2026-8491 Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00214EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:28 p.m.8 views

CVE-2026-8491

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00214EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/19 10:28 p.m.19 views

CVE-2026-8491

CVE-2026-8491 involves an improper check in the Drupal Node View Permissions module that permits forceful browsing. Affected are Node View Permissions 0.0.0–1.6.x and 2.0.0–2.0.0, where cancelled users’ content reassigned to anonymous users could be exposed. Remediation: upgrade to 1.7.0 (for 0.0...

3.7CVSS5.8AI score0.00214EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2026/04/02 2:0 a.m.4 views

CVE-2026-5343

creationtimestamp| type| source ---|---|--- 2026-04-02 02:00:04+00:00| seen| https://www.drupal.org/sa-contrib-2026-031 2026-05-29 00:00:37+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mmxa6got322o 2026-05-29 00:00:45+00:00| seen|...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/26 8:2 p.m.3 views

CVE-2026-3526 File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021

Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing.This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...

5.9AI score0.00256EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 3:24 p.m.22 views

CVE-2026-3217

Summary: CVE-2026-3217 affects Drupal SAML SSO - Service Provider module. The issue is a failure to sufficiently sanitize user input, causing a reflected Cross-site Scripting (XSS) vulnerability in web page generation. Affected version range is: Drupal SAML SSO - Service Provider: before 3.1.3 (r...

6.1CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/28 8:16 p.m.5 views

CVE-2025-13982

Cross-Site Request Forgery CSRF vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...

8.1CVSS0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:51 a.m.6 views

CVE-2009-4990

Cross-site scripting XSS vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission...

4.3CVSS5.9AI score0.01022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:49 a.m.6 views

CVE-2009-4515

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors...

5CVSS7.1AI score0.01256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:44 a.m.7 views

CVE-2017-6921

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services rest module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or...

5.9CVSS6.5AI score0.01834EPSS
Exploits0References1
Rows per page
Query Builder