CVE-2026-0750 Payment bypass in Commerce Paybox

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

EUVD-2026-4875

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2026-0750

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2026-0750 Payment bypass in Commerce Paybox

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

CVE-2026-0750

CVE-2026-0750 describes an authentication bypass in the Drupal Commerce Paybox module on Drupal 7.x, caused by improper verification of a cryptographic signature. Affected products/components: Drupal Commerce Paybox for Drupal 7.x, specifically versions 7-x-1.0 through 7.X-1.5. The root cause is ...

DRUPAL-CONTRIB-2026-007

This module enables you to turn a Drupal install into the Central Authentication System CAS. It makes your database the primary location for other systems to use for authentication in a SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...

DRUPAL-CONTRIB-2026-006

This Drupal Canvas module is a new visual page builder for Drupal. You can create reusable components that match your design system, drag them onto a page, edit content in place, preview changes across multiple pages, and undo mistakes with ease. The module doesn't sufficiently validate access to...

PT-2026-5206

Name of the Vulnerable Software and Affected Versions Acquia Content Hub versions 0.0.0 through 3.6.3 Acquia Content Hub versions 3.7.0 through 3.7.2 Description A Cross-Site Request Forgery CSRF issue exists in Acquia Content Hub. This allows attackers to perform actions on behalf of authenticat...

PT-2026-5199

Name of the Vulnerable Software and Affected Versions Drupal CKEditor 5 Premium Features versions 0.0.0 through 1.2.9 Drupal CKEditor 5 Premium Features versions 1.3.0 through 1.3.5 Drupal CKEditor 5 Premium Features versions 1.4.0 through 1.4.2 Drupal CKEditor 5 Premium Features versions 1.5.0...

Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

This module enables you to turn a Drupal install into the Central Authentication System CAS. It makes your database the primary location for other systems to use for authentication in a SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...

Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006

This Drupal Canvas module is a new visual page builder for Drupal. You can create reusable components that match your design system, drag them onto a page, edit content in place, preview changes across multiple pages, and undo mistakes with ease. The module doesn't sufficiently validate access to...

PT-2026-5190

Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5...

PT-2026-5189

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Form Builder allows Cross-Site Scripting XSS.This issue affects Drupal: from 7.X-1.0 through 7.X-1.22...

PT-2026-5198

Name of the Vulnerable Software and Affected Versions Drupal Mini site versions prior to 3.0.2 Description A flaw exists in Drupal Mini site that allows for Stored Cross-Site Scripting XSS due to unsafe actions with defined privileges. This allows an attacker to inject malicious scripts into the...

PT-2026-5202

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.44 Description A flaw exists in Drupal Tagify that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially...

PT-2026-5243

Name of the Vulnerable Software and Affected Versions Drupal Central Authentication System CAS Server versions prior to 2.0.3 Drupal Central Authentication System CAS Server versions 2.1.0 through 2.1.1 Description The Central Authentication System CAS Server module for Drupal does not adequately...

PT-2026-5242

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions prior to 1.0.4 Description The Drupal Canvas module has an authorization issue that allows forceful browsing of Canvas Pages when they are unpublished. The module does not adequately validate access to Canvas Pages,...

PT-2026-5207

Name of the Vulnerable Software and Affected Versions Drupal HTTP Client Manager versions prior to 9.3.13 Drupal HTTP Client Manager versions 10.0.0 through 10.0.2 Drupal HTTP Client Manager versions 11.0.0 through 11.0.1 Description An improper check for unusual or exceptional conditions exists ...

Drupal Mini site security vulnerabilities

Drupal Mini Site is a plugin for the Drupal community. Versions of Drupal Mini Site prior to 3.0.2 contained security vulnerabilities. These vulnerabilities stemmed from insecure permissions definitions, which could lead to storage-side cross-site scripting attacks...

Drupal AI security vulnerabilities

Drupal AI is a module or solution within the Drupal community that integrates artificial intelligence capabilities. Versions of Drupal AI prior to 1.0.7, 1.1.7, and 1.2.4 contain security vulnerabilities. These vulnerabilities stem from improper input during web page generation, which may lead to...