PT-2026-6027

Name of the Vulnerable Software and Affected Versions Drupal AT Internet SmartTag versions prior to 1.0.1 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Cross-Site Scripting XSS. This means an attacker could potentiall...

Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: http://example.com/user/login?admin If they provide the access key and have a specific role they can log in. The module does not check for...

Drupal AT Internet SmartTag 安全漏洞

Drupal AT Internet SmartTag is a data analysis integration module developed by the Drupal company. Versions of Drupal AT Internet SmartTag prior to 1.0.1 contained security vulnerabilities, which were caused by improper input during web page generation. These vulnerabilities could lead to...

Drupal AT Internet Piano Analytics 安全漏洞

Drupal AT Internet Piano Analytics is a data analysis service integration plugin provided by the Drupal company. Versions of Drupal AT Internet Piano Analytics prior to 1.0.1 and 2.3.1 contained security vulnerabilities. These vulnerabilities were due to improper input during web page generation,...

Drupal Group invite 安全漏洞

Drupal Group invite is a membership invitation module provided by the Drupal company. Versions prior to 2.3.9, 3.0.4, and 4.0.4 of Drupal Group invite contained security vulnerabilities. These vulnerabilities were due to improper exception condition checks, which could lead to forced browsing...

CVE-2026-0750

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2025-14472

Cross-Site Request Forgery CSRF vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3...

CVE-2025-14840

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

CVE-2025-13986

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3...

CVE-2025-13986

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3...

CVE-2025-14472

Cross-Site Request Forgery CSRF vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3...

CVE-2025-14840

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1...

CVE-2025-13979

Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2...

CVE-2025-13985

Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0...

CVE-2025-13980

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

CVE-2025-13981

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS.This issue affects AI Artificial Intelligence: from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4...

CVE-2025-13982

Cross-Site Request Forgery CSRF vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...

CVE-2025-13984

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...

CVE-2025-13983

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.44...

CVE-2025-13980

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...