Drupal Tagify security vulnerability

Drupal Tagify is a Drupal module from the Drupal community that integrates the Tagify JavaScript library. Versions of Drupal Tagify prior to 1.2.44 contained a security vulnerability, which was caused by improper input handling and could lead to cross-site scripting attacks...

Drupal Entity Share security vulnerability

Drupal Entity Share is a content sharing plugin for the Drupal community. Versions of Drupal Entity Share prior to 3.13.0 contained a security vulnerability, which was caused by improper authorization and could lead to forced browsing...

Drupal: Vulnerability in the Disabled Login Page

Drupal Disable Login Page is a content blocking plugin for the Drupal community. Versions of Drupal Disable Login Page prior to 1.1.3 contained a security vulnerability. This vulnerability stemmed from an authentication bypass mechanism, which could lead to unauthorized functionality...

Drupal HTTP Client Manager security vulnerability

The Drupal HTTP Client Manager is an HTTP client management plugin for the Drupal community. Versions prior to 9.3.13, 10.0.2, and 11.0.1 of the Drupal HTTP Client Manager contained security vulnerabilities. These vulnerabilities were due to improper exception condition checks, which could lead t...

Drupal Login Time Restriction security vulnerability

Drupal Login Time Restriction is a login time restriction plugin for the Drupal community. Versions of Drupal Login Time Restriction prior to 1.0.3 contained a security vulnerability, which was caused by a cross-site request forgeing issue, potentially allowing cross-site request forgeing attacks...

PT-2026-5204

Name of the Vulnerable Software and Affected Versions Drupal Entity Share versions prior to 3.13.0 Description An authorization issue exists in Drupal Entity Share that permits forceful browsing. This flaw potentially allows unauthorized access to resources. Recommendations Update Drupal Entity...

Drupal Next.js security vulnerabilities

Drupal Next.js is a module within the Drupal community that enables a deep integration between Drupal and Next.js. Versions of Drupal Next.js prior to 1.6.4 and 2.0.1 contained security vulnerabilities. These vulnerabilities were due to overly lax cross-domain security policies, which could lead ...

PT-2026-5201

Name of the Vulnerable Software and Affected Versions Drupal Login Time Restriction versions prior to 1.0.3 Description A Cross-Site Request Forgery CSRF issue exists in the Login Time Restriction module. This allows attackers to perform actions on behalf of authenticated users without their...

Drupal Acquia Content Hub security vulnerabilities

Drupal Acquia Content Hub is a content distribution plugin for the Drupal community. Versions of Drupal Acquia Content Hub prior to 3.6.4 and 3.7.3 contained security vulnerabilities, which were due to a vulnerability that was vulnerable to cross-site request forgery attacks...

Drupal CKEditor 5 Premium Features: Security Vulnerabilities

Drupal CKEditor 5 Premium Features is an editor extension module within the Drupal community. There are security vulnerabilities in Drupal CKEditor 5 Premium Features, which stem from using alternative paths or channels to bypass authentication, potentially leading to functionality bypasses. The...

PT-2026-5205

Name of the Vulnerable Software and Affected Versions Drupal Disable Login Page versions prior to 1.1.3 Description An authentication bypass issue exists in Drupal Disable Login Page, allowing functionality bypass through an alternate path or channel. This allows attackers to circumvent login...

Drupal Commerce Paybox security vulnerabilities

Drupal Commerce Paybox is a payment plugin for the Drupal community. There are security vulnerabilities in the Drupal Commerce Paybox versions 7-x-1.0 to 7.X-1.5. These vulnerabilities stem from improper encryption signature verification, which may lead to authentication bypasses...

PT-2026-5200

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS.This issue affects AI Artificial Intelligence: from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4...

PT-2026-5206

Name of the Vulnerable Software and Affected Versions Acquia Content Hub versions 0.0.0 through 3.6.3 Acquia Content Hub versions 3.7.0 through 3.7.2 Description A Cross-Site Request Forgery CSRF issue exists in Acquia Content Hub. This allows attackers to perform actions on behalf of authenticat...

MiracleLinux 3 : drupal-6.4-3AXS3 (AXBA:2008-316:03)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXBA:2008-316:03 advisory. - Multiple cross-site request forgery CSRF vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions vi...

CVE-2025-14557

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Facebook Pixel facebookpixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1...

CVE-2025-14556

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Drupal Flag allows Cross-Site Scripting XSS.This issue affects Flag: from 7.X-3.0 through 7.X-3.9...

CVE-2008-0462 vulnerabilities

Vulnerabilities for packages: drupal...

CVE-2009-3156 vulnerabilities

Vulnerabilities for packages: drupal...

CVE-2009-3479 vulnerabilities

Vulnerabilities for packages: drupal...