13921 matches found

Positive Technologies
added 2026/04/01 12:0 a.m., 4 views

PT-2026-29675

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8 AI score, 0.00257 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/03/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-1556

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to...

6.9 CVSS, 5.9 AI score, 0.00391 EPSS
Exploits: 1, References: 2
EUVD
added 2026/03/27 12:31 a.m., 4 views

EUVD-2026-16422

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert consumers, for example, email attachment...

6.9 CVSS, 5.8 AI score, 0.00391 EPSS
Exploits: 1, References: 3
EUVD
added 2026/03/27 12:31 a.m., 4 views

EUVD-2026-16420

In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...

5.3 CVSS, 5.7 AI score, 0.00405 EPSS
Exploits: 1, References: 3
RedhatCVE
added 2026/03/26 11:13 p.m., 4 views

CVE-2026-0748

A flaw was found in the Drupal 7 Internationalization (i18n) module, specifically within its i18n_node submodule. A user possessing both "Translate content" and "Administer content translations" permissions can exploit this vulnerability. By utilizing the translation user interface (UI) and its...

5.3 CVSS, 5.7 AI score, 0.00405 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2026/03/26 10:58 p.m., 3 views

CVE-2026-1556

A flaw was found in Drupal File Field Paths. This information disclosure vulnerability allows authenticated users to disclose other users’ private files. This can be exploited by performing filename-collision uploads, which causes the system to receive incorrect file Uniform Resource Identifiers...

7.7 CVSS, 5.7 AI score, 0.00391 EPSS
Exploits: 1, References: 5
NVD
added 2026/03/26 10:16 p.m., 0 views

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert consumers, for example, email attachment...

6.9 CVSS, 0.00391 EPSS
Exploits: 1, References: 2
NVD
added 2026/03/26 10:16 p.m., 3 views

CVE-2026-0748

In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...

5.3 CVSS, 0.00405 EPSS
Exploits: 1, References: 3
UbuntuCve
added 2026/03/26 10:16 p.m., 3 views

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert consumers, for example, email attachment...

6.9 CVSS, 5.8 AI score, 0.00391 EPSS
Exploits: 1, References: 3
OSV
added 2026/03/26 10:16 p.m., 4 views

UBUNTU-CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert consumers, for example, email attachment...

6.9 CVSS, 5.6 AI score, 0.00391 EPSS
Exploits: 1, References: 4
RedhatCVE
added 2026/03/26 9:42 p.m., 4 views

CVE-2026-4933

A flaw was found in Drupal's Unpublished Node Permissions module. This incorrect authorization vulnerability allows an attacker to bypass intended access controls, potentially enabling them to view unpublished content through forceful browsing...

5.7 AI score, 0.00232 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:42 p.m., 3 views

CVE-2026-4393

A flaw was found in Drupal Automated Logout. A remote attacker could exploit a Cross-Site Request Forgery (CSRF) vulnerability to trick an authenticated user into performing unintended actions. This could lead to unauthorized actions being executed on behalf of the user without their consent...

5.8 AI score, 0.00109 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:42 p.m., 1 view

CVE-2026-3573

A flaw was found in Drupal AI (Artificial Intelligence). An incorrect authorization vulnerability allows for resource injection. This issue enables an attacker to inject unauthorized resources, potentially leading to unintended system behavior or compromise...

5.8 AI score, 0.00232 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:42 p.m., 2 views

CVE-2026-3529

A flaw was found in Drupal Google Analytics GA4. This vulnerability, identified as Cross-site Scripting (XSS), arises from improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, which would then execute in a...

6 AI score, 0.00243 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:42 p.m., 2 views

CVE-2026-3532

A flaw was found in the Drupal OpenID Connect / OAuth client. This vulnerability, stemming from improper handling of case sensitivity, allows an attacker to escalate their privileges. This could enable an unauthorized user to gain elevated access rights, potentially leading to unauthorized action...

5.7 AI score, 0.00133 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:42 p.m., 1 view

CVE-2026-3530

A flaw was found in the Drupal OpenID Connect / OAuth client. This Server-Side Request Forgery (SSRF) vulnerability allows a remote attacker to trick the server into making unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information or enable...

5.8 AI score, 0.00162 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:42 p.m., 2 views

CVE-2026-3525

A flaw was found in Drupal File Access Fix (deprecated). An incorrect authorization vulnerability allows an attacker to perform forceful browsing, potentially leading to unauthorized access to sensitive information or resources. This issue arises due to improper checks on file access permissions...

5.8 AI score, 0.00187 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:42 p.m., 2 views

CVE-2026-3531

A flaw was found in Drupal OpenID Connect / OAuth client. This authentication bypass vulnerability allows an attacker to bypass authentication by using an alternate path or channel. This can lead to unauthorized access to resources or functionalities protected by the authentication mechanism...

5.7 AI score, 0.00246 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:36 p.m., 2 views

CVE-2026-3526

A flaw was found in Drupal File Access Fix (deprecated). An incorrect authorization vulnerability allows an attacker to perform forceful browsing, potentially leading to unauthorized access to sensitive information or resources...

5.7 AI score, 0.00256 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/03/26 9:36 p.m., 1 view

CVE-2026-3527

A flaw was found in the Drupal AJAX Dashboard. This vulnerability stems from missing authentication for critical functions, allowing an attacker to exploit incorrectly configured access control security levels. This could lead to unauthorized access to sensitive data or functions within the...

5.8 AI score, 0.00243 EPSS
Exploits: 0, References: 2