Lucene search
K

13926 matches found

RedhatCVE
RedhatCVE
added 2026/05/20 4:5 p.m.15 views

CVE-2026-6366

A flaw was found in Drupal core. This vulnerability, categorized as an Improperly Controlled Modification of Dynamically-Determined Object Attributes, allows for object injection. An attacker could exploit this to potentially manipulate application logic or achieve other impacts depending on the...

6.6CVSS5.8AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:35 p.m.7 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes due to Improperly Controlled Modification of...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:35 p.m.8 views

Cross-site Scripting (XSS)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via entity suggestions whilst adding a link to CKEditor5. An attacker can execute arbitrary scripts in...

6.1CVSS5.6AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:35 p.m.5 views

Cross-site Scripting (XSS)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the jQuery integration for AJAX modal dialog boxes. An attacker can execute arbitrary scripts in t...

6.1CVSS5.6AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.12 views

EUVD-2026-30992

Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15...

5.8AI score0.00369EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.12 views

EUVD-2026-30989

Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...

5.8AI score0.00236EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 12:31 a.m.5 views

GHSA-F3CJ-MJQM-FHVJ Drupal core is Vulnerable to Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.1CVSS5.4AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 12:31 a.m.23 views

EUVD-2026-30988

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...

5.8AI score0.00196EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/20 12:31 a.m.10 views

Drupal core is Vulnerable to Cross-Site Scripting

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.1CVSS5.4AI score0.00238EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/20 12:31 a.m.12 views

Drupal core allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

6.1CVSS5.4AI score0.00201EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/20 12:31 a.m.8 views

Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.6CVSS5.4AI score0.00399EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/20 12:31 a.m.13 views

EUVD-2026-31002

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

5.8AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.19 views

EUVD-2026-30999

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

5.8AI score0.00399EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.14 views

EUVD-2026-30990

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...

5.8AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.16 views

EUVD-2026-30991

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 12:31 a.m.16 views

EUVD-2026-31000

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

5.8AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 12:31 a.m.6 views

GHSA-XMJC-63PR-2MPG Drupal core allows Object Injection

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.6CVSS5.4AI score0.00399EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 12:31 a.m.12 views

EUVD-2026-30997

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Orejime allows Cross-Site Scripting XSS. This issue affects Orejime: from 0.0.0 before 2.0.16...

5.8AI score0.00196EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 12:31 a.m.5 views

GHSA-PW6F-3999-XP7G Drupal core allows Cross-Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

6.1CVSS5.4AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42361

Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...

6.2AI score
Exploits0References2
Rows per page
Query Builder