CVE-2026-0946
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS). This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1...
CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation. This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2026-1554
XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation. This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2026-1554
CVE-2026-1554 is an XML Injection (Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server. The issue affects CAS Server on Drupal and is triggered by insufficient sanitization of XML data used as CAS attributes, enabling privilege escalation. Public details indi...
EUVD-2026-5352
XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation. This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2026-1553 Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
EUVD-2026-5339
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553
Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing. This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...
CVE-2026-1553
CVE-2026-1553 describes an Incorrect Authorization vulnerability in the Drupal Canvas module that enables forceful browsing of unpublished Canvas Pages. Affected versions are Drupal Canvas prior to 1.0.4. The underlying issue is insufficient access validation for unpublished Canvas Pages, allowin...
CVE-2026-0948
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...
EUVD-2026-5338
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation. This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...
CVE-2026-0948
The CVE-2026-0948 vulnerability affects the Drupal Microsoft Entra ID SSO Login module for Drupal, where insufficient validation of responses from the Microsoft Entra ID service allows an authentication bypass. This can lead to complete account takeover of any user, including site administrators,...
CVE-2026-0947 AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS). This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...
CVE-2026-0947
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS). This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...
EUVD-2026-5337
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS). This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1...
CVE-2026-0947
CVE-2026-0947 is a Drupal AT Internet Piano Analytics module XSS vulnerability. The issue arises from improper neutralization of input during web page generation in the module, allowing cross-site scripting. Affected Drupal AT Internet Piano Analytics versions are 0.0.0–1.0.0 and 2.0.0–2.3.0. The...
CVE-2026-0946 AT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS). This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1...