13921 matches found
EUVD-2026-16395
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...
EUVD-2026-16377
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing.This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
EUVD-2026-16385
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
EUVD-2026-16393
Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...
EUVD-2026-16389
Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
EUVD-2026-16375
Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing.This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...
EUVD-2026-16391
Incorrect Authorization vulnerability in Drupal AI Artificial Intelligence allows Resource Injection.This issue affects AI Artificial Intelligence: from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12...
EUVD-2026-16387
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
EUVD-2026-16383
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...
EUVD-2026-16379
Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...
EUVD-2026-16381
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Calculation Fields allows Cross-Site Scripting XSS.This issue affects Calculation Fields: from 0.0.0 before 1.0.4...
CVE-2026-0748
CVE-2026-0748 affects the Drupal 7 Internationalization (i18n) module, specifically the i18n_node submodule. The vulnerability allows a user who has both Translate content and Administer content translations permissions to view and attach unpublished nodes via the translation UI and its autocompl...
CVE-2026-0748 Access bypass in Drupal 7 i18n_node translation UI
In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...
CVE-2026-0748
In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...
CVE-2026-0748 Access bypass in Drupal 7 i18n_node translation UI
In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...
CVE-2026-4393
Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...
CVE-2026-4933
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...
CVE-2026-3531
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...
CVE-2026-3529
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...
CVE-2026-3530
Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...