
13921 matches found

CNNVD
added 2026/03/25 12:0 a.m. | 6 views

Drupal Login Disable security vulnerability

Drupal Login Disable is an extension module for the Drupal content management system designed to restrict or disable user login functionality. Versions of Drupal Login Disable prior to 2.1.3 contained a security vulnerability; this vulnerability stemmed from using alternative paths or channels to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00202
Exploits: 0 | References: 1
CNNVD
added 2026/03/25 12:0 a.m. | 4 views

Drupal Quick Edit security vulnerability

Drupal Quick Edit is a content management system module provided by the Drupal company that enables quick editing and immediate modification of page content. Versions of Drupal Quick Edit prior to 1.0.5 and 2.0.1 contained security vulnerabilities, which were due to improper input handling and...

CVSS 5.4 | AI score 5.6 | EPSS 0.00136
Exploits: 0 | References: 1
CNNVD
added 2026/03/25 12:0 a.m. | 5 views

Drupal Islandora security vulnerability

Drupal Islandora is an extension platform for content management systems developed by the Drupal company, used for digital asset management and digital library construction. Versions of Drupal Islandora prior to 2.17.5 contained a security vulnerability caused by improper input handling, which...

CVSS 5.4 | AI score 5.6 | EPSS 0.00176
Exploits: 0 | References: 1
CNNVD
added 2026/03/25 12:0 a.m. | 5 views

Drupal Anti-Spam by CleanTalk security vulnerability

Drupal Anti-Spam by CleanTalk is a security module for content management systems provided by the Drupal company, which offers automatic spam detection and filtering capabilities. Versions of Drupal Anti-Spam by CleanTalk prior to version 9.7.0 contained a security vulnerability caused by imprope...

CVSS 4.7 | AI score 5.6 | EPSS 0.00171
Exploits: 0 | References: 1
OSV
added 2026/03/18 4:10 p.m. | 6 views

DRUPAL-CONTRIB-2026-030

This module provides a site administrator the ability to log users out after a specified time of inactivity. The module doesn't sufficiently protect its routes from cross-site request forgery (CSRF), allowing the logout route to be triggered without user interaction...

CVSS 4.3 | AI score 5.5 | EPSS 0.00109
Exploits: 0 | References: 1
GithubExploit
added 2026/03/16 9:17 p.m. | 107 views

DrupalDreggon2exploit

No d...

AI score 5.8
Exploits: 0
OSV
added 2026/03/11 4:35 p.m. | 4 views

DRUPAL-CONTRIB-2026-029

This module creates permissions per node content type to control access to unpublished nodes per content type. The module does not consistently control access for unpublished translated nodes...

CVSS 7.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1
OSV
added 2026/03/11 4:33 p.m. | 4 views

DRUPAL-CONTRIB-2026-028

The module and certain submodules (AI Automators, AI Translate, AI API Explorer, AI Content Suggestions) provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/11 12:0 a.m. | 3 views

PT-2026-28676

Name of the Vulnerable Software and Affected Versions: Drupal versions prior to 1.7.0. Description: An incorrect authorization issue exists in Drupal’s Unpublished Node Permissions, allowing forceful browsing. The problem relates to inconsistent access control for unpublished translated nodes. The...

AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/11 12:0 a.m. | 3 views

PT-2026-28635

Name of the Vulnerable Software and Affected Versions: Drupal AI versions 0.0.0 through 1.1.10; Drupal AI versions 1.2.0 through 1.2.11. Description: An incorrect authorization issue exists in Drupal AI (Artificial Intelligence) that allows for resource injection. The module and certain submodules AI...

AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 4
OSV
added 2026/03/04 6:2 p.m. | 4 views

DRUPAL-CONTRIB-2026-027

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate the uniqueness of certain...

CVSS 4.2 | AI score 5.9 | EPSS 0.00133
Exploits: 0 | References: 1
OSV
added 2026/03/04 6:2 p.m. | 6 views

DRUPAL-CONTRIB-2026-026

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...

CVSS 6.5 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 1
OSV
added 2026/03/04 6:0 p.m. | 7 views

DRUPAL-CONTRIB-2026-025

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate certain fields coming fro...

CVSS 4.3 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 1
OSV
added 2026/03/04 5:58 p.m. | 4 views

DRUPAL-CONTRIB-2026-023

This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting (XSS)...

CVSS 6.1 | AI score 5.9 | EPSS 0.00243
Exploits: 0 | References: 1
OSV
added 2026/03/04 5:57 p.m. | 4 views

DRUPAL-CONTRIB-2026-022

AJAX Dashboard: Entity Dashboards enables you to create configurable dashboards attached to entities which include AJAX-reloading of a main content area based on inputs from a configurable set of buttons. The module doesn't sufficiently check access on the dashboard configuration route...

CVSS 6.5 | AI score 6 | EPSS 0.00243
Exploits: 0 | References: 1
OSV
added 2026/03/04 5:56 p.m. | 6 views

DRUPAL-CONTRIB-2026-021

This module moves files to and from private storage depending on the access of its owning entities. The module does not always validate the access logic correctly, resulting in files attached to an entity not being protected in certain circumstances. This vulnerability is mitigated by the fact th...

CVSS 5.3 | AI score 6 | EPSS 0.00256
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/04 12:0 a.m. | 5 views

PT-2026-23115

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0. Description: A flaw exists in the OpenID Connect / OAuth client module that allows for privilege escalation due to improper handling of case sensitivity. The module does not adequatel...

AI score 5.8 | EPSS 0.00133
Exploits: 0 | References: 3
Drupal
added 2026/03/04 12:0 a.m. | 11 views

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00246
Exploits: 0 | References: 2
Drupal
added 2026/03/04 12:0 a.m. | 12 views

OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate the uniqueness of certain...

CVSS 4.2 | AI score 5.8 | EPSS 0.00133
Exploits: 0 | References: 3
Drupal
added 2026/03/04 12:0 a.m. | 13 views

Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting (XSS)...

CVSS 6.1 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 2