CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

EUVD•added 2026/05/22 12:31 a.m.•5 views

EUVD-2026-31381

Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...

5.1CVSS5.6AI score0.0003EPSS

Exploits1References3

NVD•added 2026/05/21 10:16 p.m.•6 views

CVE-2026-4929

5.4CVSS0.0003EPSS

Exploits1References3

Cvelist•added 2026/05/21 9:48 p.m.•23 views

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

5.1CVSS0.0003EPSS

Exploits1References2

ATTACKERKB•added 2026/05/21 9:48 p.m.•2 views

CVE-2026-4929

5.1CVSS5.6AI score0.0003EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/05/21 9:48 p.m.•3 views

CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output

5.1CVSS5.6AI score0.0003EPSS

Exploits1References2

Positive Technologies•added 2026/05/21 12:0 a.m.•3 views

PT-2026-42579

Name of the Vulnerable Software and Affected Versions Simple Hierarchical Select SHS for Drupal 7 versions 7.x-1.0 through 7.x-1.10 Description Cross-site scripting risk exists due to improper output escaping of term-derived text. Malicious taxonomy term names can be rendered unsafely depending o...

5.1CVSS5.8AI score0.0003EPSS

Exploits1References5

CVE•added 2026/04/22 7:52 p.m.•2 views

CVE-2026-3837

CVE-2026-3837 – Frappe Framework 16.10.0 : An authenticated attacker can store crafted values in multiple field formatters and cause client-side script execution when another user opens the affected document in Desk. The issue arises because the vulnerable formatters interpolate stored values int...

5.4CVSS5.9AI score0.00032EPSS

Exploits1References3Affected Software1

OSV•added 2025/07/16 4:46 p.m.•2 views

DRUPAL-CONTRIB-2025-089

The File Download enables you to allow users to download file and image entities directly using a custom field formatter. It also provides an optional submodule to count and display file downloads in Views, similar to how the core statistics module tracks content views. The File Download module...

7.5CVSS6.7AI score0.00287EPSS

Exploits0References1

OSV•added 2025/04/09 5:4 p.m.•3 views

DRUPAL-CONTRIB-2025-032

Gif Player Field creates a simple file field types that allows you to upload the GIF files and configure the output for this using the Field Formatters. The module uses GifPlayer jQuery library to render the GIF according to configured setups for the Field Formatter. The external Gif Player Libra...

6.9CVSS6.2AI score0.00497EPSS

Exploits0References1

RedhatCVE•added 2025/04/02 10:59 p.m.•20 views

CVE-2025-31696

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting XSS.This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1...

6.1CVSS6.7AI score0.00387EPSS

Exploits0References3

OSV•added 2025/04/01 12:30 a.m.•5 views

GHSA-86H4-W859-3HHV Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting XSS. This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1...

6.1CVSS6.5AI score0.00387EPSS

Exploits0References3

Github Security Blog•added 2025/04/01 12:30 a.m.•8 views

Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting XSS. This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1...

6.1CVSS6.5AI score0.00387EPSS

Exploits0References3Affected Software1

OSV•added 2025/04/01 12:30 a.m.•3 views

GHSA-P2WG-8H29-874V Drupal Link field display mode formatter Cross-Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting XSS. This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0...

6.1CVSS6.5AI score0.00525EPSS

Exploits0References3

NVD•added 2025/03/31 10:15 p.m.•12 views

CVE-2025-31696

6.1CVSS0.00387EPSS

Exploits0References1

OSV•added 2025/03/31 10:15 p.m.•1 views

CVE-2025-31696

6.1CVSS5.8AI score

Exploits0References1

OSV•added 2025/03/31 10:15 p.m.•1 views

CVE-2025-31695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting XSS.This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0...

6.1CVSS5.8AI score0.00525EPSS

Exploits0References1

Cvelist•added 2025/03/31 9:55 p.m.•7 views

CVE-2025-31696 RapiDoc OAS Field Formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-025

0.00387EPSS

Exploits0References1

CVE•added 2025/03/31 9:55 p.m.•58 views

CVE-2025-31696

CVE-2025-31696 affects the Drupal RapiDoc OAS Field Formatter. The issue is an improper input neutralization during web page generation, leading to Cross-Site Scripting (XSS). Affected versions are 0.0.0 through before 1.0.1; the fixed version is 1.0.1 or later. CVSS 3.1 base score 6.1 (MEDIUM) w...

6.1CVSS6.5AI score0.00387EPSS

Exploits0References1Affected Software1

Cvelist•added 2025/03/31 9:52 p.m.•6 views

CVE-2025-31695 Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting XSS.This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0...

0.00525EPSS

Exploits0References1

Vulnrichment•added 2025/03/31 9:52 p.m.•2 views

CVE-2025-31695 Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting XSS.This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0...

6.1AI score0.00525EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by