13925 matches found
PT-2026-23113
Name of the Vulnerable Software and Affected Versions Drupal OpenID Connect / OAuth client versions prior to 1.5.0 Description A Server-Side Request Forgery SSRF issue exists in the OpenID Connect / OAuth client module of Drupal. This flaw stems from insufficient validation of data received from...
OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate the uniqueness of certain...
PT-2026-23114
Name of the Vulnerable Software and Affected Versions Drupal OpenID Connect / OAuth client versions prior to 1.5.0 Description A flaw exists in the OpenID Connect / OAuth client module that could allow for authentication bypass. Specifically, if a user successfully authenticates with their Identi...
PT-2026-23115
Name of the Vulnerable Software and Affected Versions Drupal OpenID Connect / OAuth client versions prior to 1.5.0 Description A flaw exists in the OpenID Connect / OAuth client module that allows for privilege escalation due to improper handling of case sensitivity. The module does not adequatel...
OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...
Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023
This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting XSS...
PT-2026-23111
Name of the Vulnerable Software and Affected Versions Drupal Calculation Fields versions prior to 1.0.4 Description The Calculation Fields module for Drupal does not properly validate user-supplied input, potentially allowing for Information Disclosure or Cross-Site Scripting XSS attacks. This...
honeypot-server
ReportedIP Honeypot Server !License: BSL 1.1https://img.s...
DRUPAL-CONTRIB-2026-019
This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
DRUPAL-CONTRIB-2026-018
This module enables you to perform SAML protocol-based single sign-on SSO on a Drupal site. The module doesn't sufficiently sanitize user input, leading to a reflected Cross-site scripting XSS vulnerability...
DRUPAL-CONTRIB-2026-017
This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...
DRUPAL-CONTRIB-2026-016
This module integrates with Islandora, an open-source digital asset management DAM framework. Islandora integrates with various open-source services, which can be run in a distributed environment. The module doesn't sufficiently sanitize URI paths for its custom route used for attaching media to...
DRUPAL-CONTRIB-2026-015
This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which can lead to the CAPTCHA being bypassed on subsequent submissions. This vulnerability is mitigated...
DRUPAL-CONTRIB-2026-013
This module integrates the Tagify JavaScript library to enhance taxonomy entity reference widgets. The module does not sufficiently sanitise user-supplied input before rendering it inside JavaScript template strings within the Tagify widget. This allows arbitrary JavaScript execution in the brows...
DRUPAL-CONTRIB-2026-012
This module allows site builders to create so-called "theme\rule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses simple GET request to disable or enable theme rules, which allows attackers to disable or...
DRUPAL-CONTRIB-2026-011
This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...
Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019
This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...
SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018
This module enables you to perform SAML protocol-based single sign-on SSO on a Drupal site. The module doesn't sufficiently sanitize user input, leading to a reflected Cross-site scripting XSS vulnerability...
Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
This module enables you to easily theme and build an entire website using only their browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...
PT-2026-22090
Name of the Vulnerable Software and Affected Versions Drupal Responsive Favicons versions prior to 2.0.2 Description A flaw exists in the Drupal Responsive Favicons module where administrator-entered text is not properly filtered, leading to a Cross-Site Scripting XSS issue. An attacker must...