CVE-2026-2348

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Quick Edit allows Cross-Site Scripting XSS.This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...

Drupal File Access Fix 安全漏洞

Drupal File Access Fix is a file access repair tool provided by the Drupal company. Versions of Drupal File Access Fix prior to 1.2.0 contained security vulnerabilities; these vulnerabilities were due to improper authorization, which could lead to forced browsing...

PT-2026-28309

Name of the Vulnerable Software and Affected Versions Drupal versions 7.x-1.0 through 7.x-1.35 Description The Internationalization i18n module’s i18n node submodule in Drupal allows a user possessing both “Translate content” and “Administer content translations” permissions to view and attach...

Drupal Unpublished Node Permissions 安全漏洞

Drupal Unpublished Node Permissions is an extension developed by Drupal Corporation that allows for controlling access to unpublished content. Versions of Drupal Unpublished Node Permissions prior to 1.7.0 contained security vulnerabilities; these vulnerabilities were due to improper authorizatio...

Drupal File Access Fix 安全漏洞

Drupal File Access Fix is a file access repair tool provided by the Drupal company. Versions of Drupal File Access Fix prior to 1.2.0 contained security vulnerabilities; these vulnerabilities were due to improper authorization, which could lead to forced browsing...

Drupal OpenID Connect / OAuth client 安全漏洞

The Drupal OpenID Connect/OAuth client is an openID connection and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities; these vulnerabilities were due to server-side request forgery, which could...

Drupal AI 安全漏洞

Drupal AI is a module or solution within the Drupal community that integrates artificial intelligence capabilities. Versions of Drupal AI prior to 1.1.11 and 1.2.12 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to resource injection...

Drupal Calculation Fields 安全漏洞

Drupal Calculation Fields is an extension module developed by Drupal Corporation for field calculations and dynamic data processing. Versions of Drupal Calculation Fields prior to 1.0.4 contained a security vulnerability, which was caused by improper input handling and could lead to cross-site...

Drupal File Field Paths 安全漏洞

Drupal File Field Paths is an extension developed by Drupal Corporation that allows for custom file field storage paths. Versions of Drupal File Field Paths prior to 7.x-1.3 contained security vulnerabilities. These vulnerabilities stemmed from information leaks during the processing of file URIs...

Drupal Internationalization module 安全漏洞

The Drupal Internationalization module is a multilingual content management and localization support module provided by the Drupal company. Versions of the Drupal Internationalization module prior to 7.x-1.35 contained security vulnerabilities. These vulnerabilities stemmed from the i18nnode...

Drupal OpenID Connect / OAuth client 安全漏洞

The Drupal OpenID Connect/OAuth client is an openID connection and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative paths or channels...

Drupal OpenID Connect / OAuth client 安全漏洞

The Drupal OpenID Connect/OAuth client is an openID connection and OAuth client provided by the Drupal company. Versions of the Drupal OpenID Connect/OAuth client prior to version 1.5.0 contained security vulnerabilities. These vulnerabilities were due to improper handling of case sensitivity,...

Drupal AJAX Dashboard 安全漏洞

Drupal AJAX Dashboard is an ajax dashboard developed by the Drupal company. Versions of Drupal AJAX Dashboard prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication for critical functions, which could lead to security breaches due to...

Drupal Automated Logout 安全漏洞

Drupal Automated Logout is a login logout plugin developed by the Drupal company. Versions prior to 1.7.0 and 2.0.2 of Drupal Automated Logout contained security vulnerabilities, which were due to a vulnerability that could be exploited by cross-site request forgery attacks...

PT-2026-28313

Name of the Vulnerable Software and Affected Versions Drupal File Field Paths versions prior to 7.1.3 Description An information disclosure issue exists in the file URI processing of File Field Paths in Drupal. Authenticated users can potentially disclose other users’ private files through...

Drupal Google Analytics GA4 安全漏洞

Drupal Google Analytics GA4 is an integrated module for website traffic statistics and analysis developed by the Drupal company. Versions of Drupal Google Analytics GA4 prior to 1.1.14 contained a security vulnerability caused by improper input handling, which could lead to cross-site scripting...

EUVD-2026-15479

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting XSS.This issue affects Responsive Favicons: from 0.0.0 before 2.0.2...

EUVD-2026-15476

Server-Side Request Forgery SSRF vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1...

EUVD-2026-15473

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10...

EUVD-2026-15471

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting XSS.This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0...