15383 matches found
EUVD-2026-43114
Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...
EUVD-2026-43048
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...
EUVD-2026-43115
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...
EUVD-2026-43049
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52...
Server-side Request Forgery (SSRF)
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the request process. An attacker can make arbitrary requests to internal or external syste...
Cross-site Scripting (XSS)
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper input neutralization during web page generation. An attacker can execute arbitrary script...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the process of modifying dynamically-determin...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the deserialization process. An attacker can...
Open Redirect
Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Open Redirect via the URL redirection process. An attacker can redirect users to malicious sites or poison cache by crafting...
CVE-2026-15087
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...
CVE-2026-15089
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...
CVE-2026-15086
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-11915
vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...
CVE-2026-11913
vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...
CVE-2026-11914
vulnerability in Drupal Composer allows . This issue affects Composer versions:...
CVE-2026-58589
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...
CVE-2026-58591
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...
CVE-2026-58590
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...
CVE-2026-58588
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...
CVE-2026-58587
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...