13921 matches found
DRUPAL-CONTRIB-2026-004
This module integrates the AT Internet Piano Analytics service. The module does not filter administrator-entered text, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
DRUPAL-CONTRIB-2026-002
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the "administer permissions" permission. The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. A user...
PT-2026-2942
Name of the Vulnerable Software and Affected Versions: Drupal Facebook Pixel versions 7.X-1.0 through 7.X-1.1. Description: The Facebook Pixel module for Drupal contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting (XSS) issue. This...
Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005
This module enables Drupal sites to authenticate users via Microsoft Entra ID (formerly Azure AD) using OAuth 2.0. The module doesn't sufficiently validate API responses from Microsoft, allowing complete account takeover of any user, including site administrators, without requiring any credentials o...
PT-2026-2941
Name of the Vulnerable Software and Affected Versions: Drupal Flag versions 7.X-3.0 through 7.X-3.9. Description: A flaw exists in Drupal Flag that allows for Cross-Site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. An attacker could potentially...
PT-2026-3747
Name of the Vulnerable Software and Affected Versions: Drupal Microsoft Entra ID SSO Login versions prior to 1.0.4. Description: The Microsoft Entra ID SSO Login module for Drupal does not properly validate responses received from the Microsoft Entra ID service. This insufficient validation can lead...
Drupal Flag Security Vulnerability
Drupal Flag is a markup creation module for the Drupal community. A security vulnerability exists in Drupal Flag versions 7.X-3.0 through 7.X-3.9, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...
Drupal Facebook Pixel Security Vulnerability
Drupal Facebook Pixel is an ad placement module for the Drupal community. A security vulnerability exists in Drupal Facebook Pixel versions 7.X-1.0 through 7.X-1.1, which stems from improper input neutralization during page generation and could lead to a stored cross-site scripting attack...
MiracleLinux 3 : drupal-6.8-2AXS3 (AXSA:2009-68:02)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2009-68:02 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content on a...
MiracleLinux 3 : drupal-6.4-1AXS3 (AXSA:2008-285:02)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-285:02 advisory. Drupal is a free CMS (Content Management System) software package that allows an individual or a community of users to easily publish, manage and...
MiracleLinux 3 : drupal-6.27-1.AXS3 (AXSA:2012-1054:02)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-1054:02 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content...
MiracleLinux 3 : drupal-6.24-1.AXS3 (AXSA:2012-98:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-98:01 advisory. Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a wide variety of content o...
CVE-2009-4066 vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-F9J7-VFF8-3C2R vulnerabilities
Vulnerabilities for packages: drupal...
GHSA-G4RV-C45G-4J68 vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2012-2306 vulnerabilities
Vulnerabilities for packages: drupal...
CVE-2023-31250
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your...
CVE-2009-4602
Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4516
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4534
Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...