15368 matches found
CVE-2026-55807
A flaw was found in Drupal core. This Server-Side Request Forgery SSRF vulnerability allows an attacker to induce the server to make requests to an arbitrary domain, potentially leading to information disclosure or access to internal network resources...
CVE-2026-55808
A flaw was found in Drupal core. This improper neutralization of input during web page generation, commonly known as Cross-site Scripting XSS, allows an attacker to inject malicious scripts into web pages. When a user views an affected page, these scripts can execute in their browser. This could...
Drupal 7 CKEditor XSS
CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content. id: CVE-2021-33829 info: name: Drupal 7 CKEditor XSS author:...
Drupal Core - Anonymous SQL Injection via PostgreSQL Entity Query
Drupal core from 8.9.0 before 10.4.10, 10.5.0 before 10.5.10, 10.6.0 before 10.6.9, 11.0.0 before 11.1.10, 11.2.0 before 11.2.12, and 11.3.0 before 11.3.10 contains an SQL injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL...
Drupal 11.x-dev - Full Path Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...
Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...
Linux Distros Unpatched Vulnerability : CVE-2024-12393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Core allows Cross-Site Scripting XSS.This issu...
--POC
Goby POC Collection Convert Goby vulnerability scan tools’...
EUVD-2026-43090
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...
EUVD-2026-43088
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
EUVD-2026-43070
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...
EUVD-2026-43069
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...
EUVD-2026-43071
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...
EUVD-2026-43072
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...
EUVD-2026-43073
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...
EUVD-2026-43089
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
EUVD-2026-43093
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...
EUVD-2026-43091
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...
EUVD-2026-43092
vulnerability in Drupal Composer allows . This issue affects Composer versions:...
EUVD-2026-43053
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...