
13921 matches found

NVD
added 2026/03/26 9:17 p.m. | 3 views

CVE-2026-3529

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS. This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

CVSS 6.1 | EPSS 0.00243
Exploits: 0 | References: 1
NVD
added 2026/03/26 9:17 p.m. | 2 views

CVE-2026-3573

Incorrect Authorization vulnerability in Drupal AI Artificial Intelligence allows Resource Injection. This issue affects AI Artificial Intelligence: from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12...

CVSS 7.5 | EPSS 0.00232
Exploits: 0 | References: 1
NVD
added 2026/03/26 9:17 p.m. | 5 views

CVE-2026-3526

Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...

CVSS 5.3 | EPSS 0.00256
Exploits: 0 | References: 1
NVD
added 2026/03/26 9:17 p.m. | 3 views

CVE-2026-3525

Incorrect Authorization vulnerability in Drupal File Access Fix deprecated allows Forceful Browsing. This issue affects File Access Fix deprecated: from 0.0.0 before 1.2.0...

CVSS 5.3 | EPSS 0.00187
Exploits: 0 | References: 1
NVD
added 2026/03/26 9:17 p.m. | 3 views

CVE-2026-3528

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Calculation Fields allows Cross-Site Scripting XSS. This issue affects Calculation Fields: from 0.0.0 before 1.0.4...

CVSS 6.1 | EPSS 0.00243
Exploits: 0 | References: 1
NVD
added 2026/03/26 9:17 p.m. | 2 views

CVE-2026-3527

Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AJAX Dashboard: from 0.0.0 before 3.1.0...

CVSS 6.5 | EPSS 0.00243
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/26 9:14 p.m. | 5 views

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert() consumers for example, email attachment...

CVSS 6.9 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/26 9:14 p.m. | 19 views

CVE-2026-1556 Information disclosure via file URI overwrite in File (Field) Paths

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hook_node_insert() consumers for example, email attachment...

CVSS 6.9 | EPSS 0.00391
Exploits: 1 | References: 2
CVE
added 2026/03/26 9:14 p.m. | 12 views

CVE-2026-1556

CVE-2026-1556 affects Drupal 7.x (File (Field) Paths module). The vulnerability arises in the processing of file URIs for File (Field) Paths when filenames collide during uploads, allowing an authenticated user to disclose private files belonging to other users. This can cause hook_node_insert() ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00391
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/26 8:10 p.m. | 25 views

CVE-2026-4393 Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery. This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

EPSS 0.00109
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/26 8:10 p.m. | 3 views

CVE-2026-4393

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery. This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/03/26 8:10 p.m. | 8 views

CVE-2026-4393

The CVE-2026-4393 issue is a CSRF vulnerability in the Drupal Automated Logout module. The Root Cause: the logout routes are not sufficiently protected against CSRF, enabling an authenticated user to trigger unintended actions. Affected software: Drupal Automated Logout module; affected versions ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00109
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/03/26 8:10 p.m. | 3 views

CVE-2026-4393 Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030

Cross-Site Request Forgery CSRF vulnerability in Drupal Automated Logout allows Cross Site Request Forgery. This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2...

AI score 5.9 | EPSS 0.00109
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/26 8:10 p.m. | 2 views

CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 1
CVE
added 2026/03/26 8:10 p.m. | 4 views

CVE-2026-4933

CVE-2026-4933: Drupal Unpublished Node Permissions contains an incorrect authorization flaw in which unpublished content can be accessed via forceful browsing. Affected component is the Unpublished Node Permissions module prior to version 1.7.0. The vulnerability permits bypassing intended access...

CVSS 7.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/03/26 8:10 p.m. | 20 views

CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

EPSS 0.00232
Exploits: 0 | References: 1
Cvelist
added 2026/03/26 8:10 p.m. | 18 views

CVE-2026-3573 AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

Incorrect Authorization vulnerability in Drupal AI Artificial Intelligence allows Resource Injection. This issue affects AI Artificial Intelligence: from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12...

EPSS 0.00232
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/26 8:10 p.m. | 1 view

CVE-2026-3573 AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

Incorrect Authorization vulnerability in Drupal AI Artificial Intelligence allows Resource Injection. This issue affects AI Artificial Intelligence: from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12...

AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 1
CVE
added 2026/03/26 8:10 p.m. | 5 views

CVE-2026-3573

CVE-2026-3573 affects Drupal AI (Artificial Intelligence). Multiple sources confirm an incorrect authorization vulnerability that allows resource injection. Affected versions: Drupal AI 0.0.0 through 1.1.10 and 1.2.0 through 1.2.11. Under certain conditions, rendering HTML/Markdown via the module...

CVSS 7.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/26 8:10 p.m. | 3 views

CVE-2026-3573

Incorrect Authorization vulnerability in Drupal AI Artificial Intelligence allows Resource Injection. This issue affects AI Artificial Intelligence: from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12...

AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 2 | Affected Software: 1