Lucene search
K

807 matches found

Nuclei
Nuclei
added yesterday16 views

Drupal Core - Anonymous SQL Injection via PostgreSQL Entity Query

Drupal core from 8.9.0 before 10.4.10, 10.5.0 before 10.5.10, 10.6.0 before 10.6.9, 11.0.0 before 11.1.10, 11.2.0 before 11.2.12, and 11.3.0 before 11.3.10 contains an SQL injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL...

9.8CVSS7.1AI score0.84631EPSS
Exploits14References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43081

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43083

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

6.1AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43082

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43084

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

6.1AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

6.1AI score0.0015EPSS
Exploits0References2
Snyk
Snyk
added 3 days ago2 views

Open Redirect

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Open Redirect via the URL redirection process. An attacker can redirect users to malicious sites or poison cache by crafting...

5.9CVSS6.1AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-55803

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

5.9CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-55806

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

5.9CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-55804

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

5.9CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-55807

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

3.1CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-55808

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

5.4CVSS0.0015EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55808 Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

0.0015EPSS
Exploits0References1
CVE
CVE
added 4 days ago449 views

CVE-2026-55808

CVE-2026-55808 is a Drupal core XSS vulnerability caused by improper input neutralization during web page generation. Affects Drupal core versions including 10.5.x before 10.5.12, 10.6.x before 10.6.11, 11.2.x before 11.2.14, 11.3.x before 11.3.12, and earlier 11.0./11.1. ranges. The issue arises...

5.4CVSS6.1AI score0.0015EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

CVE-2026-55808 Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

5.4CVSS6.1AI score0.0015EPSS
Exploits0References5
CVE
CVE
added 4 days ago445 views

CVE-2026-55807

Drupal core is affected by CVE-2026-55807 via a Server-Side Request Forgery (SSRF) in the Media module’s oEmbed URL discovery, allowing the server to be induced to fetch arbitrary URLs. Affected versions include Drupal core from 0.0.0 up to 10.5.12, 10.6.0–10.6.11, 11.2.0–11.2.14, 11.3.0–11.3.12,...

3.1CVSS6.1AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55807 Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

0.00133EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2026-55807 Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0., from 0.0.0 to 11.1...

3.1CVSS6.1AI score0.00133EPSS
Exploits0References5
CVE
CVE
added 4 days ago447 views

CVE-2026-55804

CVE-2026-55804 affects Drupal core across multiple branches (10.x, 11.x) and is related to a chain of gadget methods that could enable code execution or altered behavior when untrusted data is deserialized. The core issue is described as Improperly Controlled Modification of Dynamically-Determine...

5.9CVSS6.1AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 4 days ago446 views

CVE-2026-55806

CVE-2026-55806 affects Drupal core and is caused by a flaw in the rebuild.php front controller’s Host header validation, enabling an open redirect and related cache-poisoning risks. Affected versions include Drupal core 10.5.x before 10.5.12, 10.6.x before 10.6.11, 11.2.x before 11.2.14, and 11.3...

5.9CVSS6.1AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder