4336 matches found
CVE-2026-15087 Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...
CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-15089
The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...
CVE-2026-55806
CVE-2026-55806 affects Drupal core and is caused by a flaw in the rebuild.php front controller’s Host header validation, enabling an open redirect and related cache-poisoning risks. Affected versions include Drupal core 10.5.x before 10.5.12, 10.6.x before 10.6.11, 11.2.x before 11.2.14, and 11.3...
CVE-2026-55804 Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...
CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-10770
The CVE-2026-10770 entry corresponds to a Reflected XSS in Drupal Anti-Spam by CleanTalk, affecting versions 0.0.0 through 9.7.1. The root cause is improper neutralization of input in the module’s HTML output, where CleanTalk API response content is echoed directly via _cleantalk_die() and ct_die...
CVE-2026-53302
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
EUVD-2026-39837
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...
HPESBHF05017 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01396, 2026.1 IPU, Intel Processor Firmware Advisory, Local Escalation of Privilege Vulnerability
Potential Security Impact: Local: Escalation of Privilege SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 380 Gen11 - Prior to SimpliVity Gen11 Support Pack 20260605 HPE SimpliVity 380 Gen10 Plus - Prior to SimpliVity Gen10 Support Pack 20260605 CVSS Scores: | CVE |...
Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062
Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules. One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability. This vulnerability is mitigated by the...
Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
Alibaba Cloud Linux 3 : 0133: glib2 (ALINUX3-SA-2026:0133)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0133 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-14087: A flaw was found in GLib...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, which is happening due to two issues: 1. In SA ad...
Astra Linux – Vulnerability in sysstat
Before version 12.1.6, sysstat experienced memory corruption due to an integer overflow in the remapstruct function in sacommon.c...
Astra Linux – Vulnerability in StrongSwan
StrongSwan before version 5.9.12 has a buffer overflow vulnerability, and there is a possibility of unauthenticated remote code execution through a DH public key value that exceeds the internal buffer of charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur through a...
CVE-2026-6367 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...
CVE-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
CVE-2026-6365 Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
CVE-2026-6365 Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...