EUVD-2026-5353

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting XSS.This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1...

CVE-2026-0946

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting XSS.This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1...

CVE-2026-0946 AT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting XSS.This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1...

CVE-2026-0946

CVE-2026-0946 affects Drupal AT Internet SmartTag prior to 1.0.1. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation. Impact is cross-site scripting where malicious scripts could be injected and executed in pages viewed by other users. Affected...

CVE-2026-0945 Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...

EUVD-2026-5354

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...

CVE-2026-0945

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...

CVE-2026-0945 Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002

Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0...

CVE-2026-0945

CVE-2026-0945 is a privilege-escalation flaw in the Drupal Role Delegation module. The issue affects Drupal Role Delegation versions 1.3.0 through 1.4.9, caused by unsafe permission definitions that can enable a user to delegate a role and, under certain conditions, assign the administrator role....

CVE-2026-0944

The CVE-2026-0944 entry concerns Drupal Group Invite. Affected: Drupal Group invite module versions before 2.3.9, before 3.0.4, and before 4.0.4. Description: an improper check for unusual or exceptional conditions enables forceful browsing, effectively an access-bypass vulnerability. Impact: una...

CVE-2026-0944 Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4...

CVE-2026-0944 Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4...

CVE-2026-0944

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4...

EUVD-2026-5346

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, from 4.0.0 before 4.0.4...

DRUPAL-CONTRIB-2026-008

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...

Drupal Group invite 安全漏洞

Drupal Group invite is a membership invitation module provided by the Drupal company. Versions prior to 2.3.9, 3.0.4, and 4.0.4 of Drupal Group invite contained security vulnerabilities. These vulnerabilities were due to improper exception condition checks, which could lead to forced browsing...

Drupal Canvas 安全漏洞

Drupal Canvas is a page builder developed by the Drupal company. Versions of Drupal Canvas prior to 1.0.4 contained security vulnerabilities, which were due to improper authorization and could lead to forced browsing...

Drupal Microsoft Entra ID SSO Login 安全漏洞

Drupal Microsoft Entra ID SSO Login is a single-sign-on integration module provided by the Drupal company in collaboration with Microsoft. Versions of Drupal Microsoft Entra ID SSO Login prior to 1.0.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of alternative...

Drupal Central Authentication System Server 安全漏洞

The Drupal Central Authentication System Server is a CAS authentication center module developed by the Drupal company. Versions prior to 2.0.3 and 2.1.2 of the Drupal Central Authentication System Server had security vulnerabilities. These vulnerabilities were caused by XML injection, which could...

PT-2026-6344

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...