13925 matches found

Positive Technologies
added 2026/03/04 12:0 a.m., 4 views

PT-2026-23113

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0
Description: A Server-Side Request Forgery (SSRF) issue exists in the OpenID Connect / OAuth client module of Drupal. This flaw stems from insufficient validation of data received from...

AI score: 5.7, EPSS: 0.00162
Exploits: 0, References: 3

Drupal
added 2026/03/04 12:0 a.m., 14 views

OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. The module doesn't sufficiently validate the uniqueness of certain...

CVSS: 4.2, AI score: 5.8, EPSS: 0.00133
Exploits: 0, References: 3

Positive Technologies
added 2026/03/04 12:0 a.m., 6 views

PT-2026-23114

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0
Description: A flaw exists in the OpenID Connect / OAuth client module that could allow for authentication bypass. Specifically, if a user successfully authenticates with their Identi...

AI score: 5.9, EPSS: 0.00246
Exploits: 0, References: 3

Positive Technologies
added 2026/03/04 12:0 a.m., 8 views

PT-2026-23115

Name of the Vulnerable Software and Affected Versions: Drupal OpenID Connect / OAuth client versions prior to 1.5.0
Description: A flaw exists in the OpenID Connect / OAuth client module that allows for privilege escalation due to improper handling of case sensitivity. The module does not adequatel...

AI score: 5.8, EPSS: 0.00133
Exploits: 0, References: 3

Drupal
added 2026/03/04 12:0 a.m., 14 views

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...

CVSS: 6.5, AI score: 5.8, EPSS: 0.00246
Exploits: 0, References: 2

Drupal
added 2026/03/04 12:0 a.m., 14 views

Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

This module extends the Drupal form API adding "Calculation element" form element types, which can evaluate a maths expression. It offers webform integration. The module doesn't sufficiently validate user input; this could be exploited to achieve Information Disclosure or Cross-site Scripting (XSS)...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00243
Exploits: 0, References: 2

Positive Technologies
added 2026/03/04 12:0 a.m., 7 views

PT-2026-23111

Name of the Vulnerable Software and Affected Versions: Drupal Calculation Fields versions prior to 1.0.4
Description: The Calculation Fields module for Drupal does not properly validate user-supplied input, potentially allowing for Information Disclosure or Cross-Site Scripting (XSS) attacks. This...

AI score: 5.8, EPSS: 0.00243
Exploits: 0, References: 3

GithubExploit
added 2026/02/27 3:50 p.m., 215 views

honeypot-server

ReportedIP Honeypot Server. License: BSL 1.1...

AI score: 6
Exploits: 0

OSV
added 2026/02/25 6:51 p.m., 6 views

DRUPAL-CONTRIB-2026-019

This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

CVSS: 4.8, AI score: 5.5, EPSS: 0.00185
Exploits: 0, References: 1

OSV
added 2026/02/25 6:51 p.m., 5 views

DRUPAL-CONTRIB-2026-018

This module enables you to perform SAML protocol-based single sign-on (SSO) on a Drupal site. The module doesn't sufficiently sanitize user input, leading to a reflected Cross-site scripting (XSS) vulnerability...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00193
Exploits: 0, References: 1

OSV
added 2026/02/25 6:51 p.m., 8 views

DRUPAL-CONTRIB-2026-017

This module enables you to easily theme and build an entire website using only your browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...

CVSS: 5, AI score: 5.7, EPSS: 0.00287
Exploits: 0, References: 1

OSV
added 2026/02/25 6:49 p.m., 5 views

DRUPAL-CONTRIB-2026-016

This module integrates with Islandora, an open-source digital asset management (DAM) framework. Islandora integrates with various open-source services, which can be run in a distributed environment. The module doesn't sufficiently sanitize URI paths for its custom route used for attaching media to...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00176
Exploits: 0, References: 1

OSV
added 2026/02/25 6:47 p.m., 5 views

DRUPAL-CONTRIB-2026-015

This module enables you to protect web forms from automated spam by requiring users to pass a challenge. The module doesn't sufficiently invalidate used security tokens under certain scenarios, which can lead to the CAPTCHA being bypassed on subsequent submissions. This vulnerability is mitigated...

CVSS: 6.5, AI score: 5.7, EPSS: 0.00268
Exploits: 0, References: 1

OSV
added 2026/02/25 6:45 p.m., 5 views

DRUPAL-CONTRIB-2026-013

This module integrates the Tagify JavaScript library to enhance taxonomy entity reference widgets. The module does not sufficiently sanitise user-supplied input before rendering it inside JavaScript template strings within the Tagify widget. This allows arbitrary JavaScript execution in the brows...

CVSS: 5.4, AI score: 6, EPSS: 0.00136
Exploits: 0, References: 1

OSV
added 2026/02/25 6:44 p.m., 7 views

DRUPAL-CONTRIB-2026-012

This module allows site builders to create so-called "theme_rule" config entities. These theme rules can render pages with different themes than the default when certain conditions match. The module uses a simple GET request to disable or enable theme rules, which allows attackers to disable or...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00098
Exploits: 0, References: 1

OSV
added 2026/02/25 6:43 p.m., 4 views

DRUPAL-CONTRIB-2026-011

This module enables you to add icons to CKEditor. The module doesn't sufficiently add custom permissions to the dialog and autocomplete routes, allowing full access to the routes in most scenarios...

CVSS: 5.3, AI score: 5.5, EPSS: 0.00223
Exploits: 0, References: 1

Drupal
added 2026/02/25 12:0 a.m., 11 views

Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019

This module adds the favicons generated by realfavicongenerator.net to your Drupal site. The module does not filter administrator-entered text, leading to a persistent Cross-site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

CVSS: 4.8, AI score: 5.4, EPSS: 0.00185
Exploits: 0, References: 2

Drupal
added 2026/02/25 12:0 a.m., 12 views

SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018

This module enables you to perform SAML protocol-based single sign-on (SSO) on a Drupal site. The module doesn't sufficiently sanitize user input, leading to a reflected Cross-site scripting (XSS) vulnerability...

CVSS: 6.1, AI score: 5.2, EPSS: 0.00193
Exploits: 0, References: 1

Drupal
added 2026/02/25 12:0 a.m., 12 views

Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

This module enables you to easily theme and build an entire website using only your browser, without the need to write code beyond basic JSX and CSS. Content creators are able to compose content on any part of the page without relying on developers. The project has a hidden sub-module, Drupal...

CVSS: 5, AI score: 5.6, EPSS: 0.00287
Exploits: 0, References: 2

Positive Technologies
added 2026/02/25 12:0 a.m., 6 views

PT-2026-22090

Name of the Vulnerable Software and Affected Versions: Drupal Responsive Favicons versions prior to 2.0.2
Description: A flaw exists in the Drupal Responsive Favicons module where administrator-entered text is not properly filtered, leading to a Cross-Site Scripting (XSS) issue. An attacker must...

CVSS: 4.8, AI score: 5.9, EPSS: 0.00185
Exploits: 0, References: 5