13914 matches found

Vulnrichment
added 2026/05/28 10:50 p.m. | 9 views

CVE-2026-6816 TFA Basic Plugins - Access Bypass

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 1 | References 2
CVE
added 2026/05/28 10:50 p.m. | 11 views

CVE-2026-6816

Concretely, CVE-2026-6816 affects Drupal TFA Basic Plugins (versions 7.x-1.0 through 7.x-1.2). The issue is an access bypass in which users with the administer users permission can view or generate recovery codes for other users, enabling information disclosure of recovery credentials. The root c...

5.1 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 1 | References 3 | Affected Software 1
CVE
added 2026/05/28 10:48 p.m. | 23 views

CVE-2026-5343

CVE-2026-5343 affects the Drupal SAML SSO - Service Provider module. The issue is an improper check for unusual or exceptional conditions that enables privilege escalation. Affected versions are 0.0.0 up to, but not including, 3.1.4. The CVSSv3.1 vector indicates NETWORK attack, high complexity, ...

7.4 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2026/05/28 12:0 a.m. | 11 views

PT-2026-44707

An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2...

5.1 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 1 | References 3
CNNVD
added 2026/05/28 12:0 a.m. | 5 views

Drupal SAML SSO - Service Provider security vulnerability

Drupal SAML SSO – Service Provider is a Drupal Single Sign-On and SAML authentication module provided by the Drupal company. Versions of Drupal SAML SSO – Service Provider prior to 3.1.4 contained a security vulnerability. This vulnerability stemmed from improper exception condition checks, which...

7.4 CVSS | 5.8 AI score | 0.00043 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/28 12:0 a.m. | 6 views

Drupal TFA Basic Plugins security vulnerability

Drupal TFA Basic Plugins is a set of Drupal two-factor authentication extensions developed by the Drupal company. Versions 7.x-1.0 to 7.x-1.2 of Drupal TFA Basic Plugins contain security vulnerabilities. These vulnerabilities stem from access bypass issues, which could allow users with...

5.1 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 1 | References 2
OSV
added 2026/05/27 6:32 p.m. | 6 views

DRUPAL-CONTRIB-2026-038

The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...

6 AI score
Exploits 0 | References 1
GithubExploit
added 2026/05/27 10:26 a.m. | 69 views

Exploit for SQL Injection in Drupal

python3 c...

9.8 CVSS | 5.8 AI score | 0.10403 EPSS
Exploits 12
GithubExploit
added 2026/05/27 9:11 a.m. | 74 views

Exploit for SQL Injection in Drupal

CVE-2026-9082 Passive checker for CVE-2026-9082 / SA-CORE-2...

9.8 CVSS | 6.1 AI score | 0.10403 EPSS
Exploits 12
GithubExploit
added 2026/05/27 1:16 a.m. | 94 views

Exploit for Deserialization of Untrusted Data in Drupal

CVE-2019-6340 — Drupal RESTful Web Services RCE Python imple...

8.1 CVSS | 8 AI score | 0.9441 EPSS
Exploits 22
Positive Technologies
added 2026/05/27 12:0 a.m. | 12 views

PT-2026-44164

Name of the Vulnerable Software and Affected Versions Basket versions prior to 2.1.17 Description The Basket module, which provides e-commerce and checkout functionality for Drupal sites, fails to sufficiently sanitize user-supplied data before it is processed by the PHP unserialize function. Thi...

5.9 AI score
Exploits 0 | References 3
Drupal
added 2026/05/27 12:0 a.m. | 13 views

Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038

The Basket module enables e-commerce and checkout functionality for Drupal sites. The module does not sufficiently sanitize user-supplied data before passing it to PHP's unserialize. An attacker can supply a crafted payload and trigger PHP Object Injection. If a viable gadget chain exists in the...

6 AI score
Exploits 0 | References 1
GithubExploit
added 2026/05/26 4:2 p.m. | 75 views

patch-to-exploit

patch-to-exploit Lab + PoC scripts for "30 minutes from patch...

9.8 CVSS | 6.1 AI score | 0.10403 EPSS
Exploits 19
RedhatCVE
added 2026/05/26 11:44 a.m. | 11 views

CVE-2026-9082

A flaw was found in Drupal core. This vulnerability, identified as an SQL Injection CWE-89, allows a remote attacker to execute malicious SQL commands. By exploiting this, an attacker could potentially access, modify, or delete sensitive data within the database, leading to information disclosure...

9.8 CVSS | 6.1 AI score | 0.10403 EPSS
Exploits 12 | References 2
RedhatCVE
added 2026/05/26 11:16 a.m. | 11 views

CVE-2026-4093

A flaw was found in the Drupal 7 Term Reference Tree module. This vulnerability, a type of stored Cross-Site Scripting XSS, allows an authenticated attacker with permissions to edit or create taxonomy terms to inject malicious scripts. These scripts can execute when a user views a form containing...

5.4 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/05/26 12:0 a.m. | 6 views

PT-2026-43390

CISA added an actively exploited Drupal SQL injection to its KEV catalog and gave federal agencies until Wednesday evening to patch. If you're running Drupal in production and haven't patched CVE-2025-50329, you're exposed to trivial database compromise. No auth required. cybersecurity infosec...

5.9 AI score
Exploits 0 | References 1
The Hacker News
added 2026/05/23 7:23 a.m. | 18 views

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 CVSS score: 6.5, an...

9.8 CVSS | 6.8 AI score | 0.10403 EPSS
Exploits 12
Chainguard
added 2026/05/23 1:17 a.m. | 14 views

CVE-2026-46628 vulnerabilities

Vulnerabilities for packages: drupal...

5.8 AI score | 0.00056 EPSS
Exploits 0
Chainguard
added 2026/05/23 1:17 a.m. | 5 views

GHSA-7FXW-R6JV-74C8 vulnerabilities

Vulnerabilities for packages: drupal...

5.8 AI score
Exploits 0
Chainguard
added 2026/05/23 1:17 a.m. | 10 views

CVE-2026-46640 vulnerabilities

Vulnerabilities for packages: drupal...

5.8 AI score | 0.00056 EPSS
Exploits 0