Lucene search
+L

4336 matches found

cvelist
cvelist
added 6 days ago33 views

CVE-2026-15087 Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

0.00392EPSS
Exploits0References1
cvelist
cvelist
added 6 days ago31 views

CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

0.00414EPSS
Exploits0References1
cve
cve
added 6 days ago10 views

CVE-2026-15089

The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...

9.1CVSS6.1AI score0.00508EPSS
Exploits0References1
cve
cve
added 6 days ago447 views

CVE-2026-55806

CVE-2026-55806 affects Drupal core and is caused by a flaw in the rebuild.php front controller’s Host header validation, enabling an open redirect and related cache-poisoning risks. Affected versions include Drupal core 10.5.x before 10.5.12, 10.6.x before 10.6.11, 11.2.x before 11.2.14, and 11.3...

5.9CVSS6.1AI score0.00206EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 6 days ago34 views

CVE-2026-55804 Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

0.00215EPSS
Exploits0References1
osv
osv
added 6 days ago3 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS6.1AI score0.0009EPSS
Exploits0References5
cve
cve
added 6 days ago16 views

CVE-2026-10770

The CVE-2026-10770 entry corresponds to a Reflected XSS in Drupal Anti-Spam by CleanTalk, affecting versions 0.0.0 through 9.7.1. The root cause is improper neutralization of input in the module’s HTML output, where CleanTalk API response content is echoed directly via _cleantalk_die() and ct_die...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/26 7:40 p.m.7 views

CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

5.5CVSS5.8AI score0.00121EPSS
Exploits0
euvd
euvd
added 2026/06/26 7:40 p.m.6 views

EUVD-2026-39837

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

5.9AI score0.00121EPSS
Exploits0References3
hpe
hpe
added 2026/06/26 12:0 a.m.5 views

HPESBHF05017 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01396, 2026.1 IPU, Intel Processor Firmware Advisory, Local Escalation of Privilege Vulnerability

Potential Security Impact: Local: Escalation of Privilege SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 380 Gen11 - Prior to SimpliVity Gen11 Support Pack 20260605 HPE SimpliVity 380 Gen10 Plus - Prior to SimpliVity Gen10 Support Pack 20260605 CVSS Scores: | CVE |...

3.9CVSS6.1AI score0.00133EPSS
Exploits0
drupal
drupal
added 2026/06/24 12:0 a.m.11 views

Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062

Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules. One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability. This vulnerability is mitigated by the...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References2
drupal
drupal
added 2026/06/10 12:0 a.m.9 views

Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.8CVSS5.2AI score0.0032EPSS
Exploits0References2
nessus
nessus
added 2026/05/25 12:0 a.m.18 views

Alibaba Cloud Linux 3 : 0133: glib2 (ALINUX3-SA-2026:0133)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0133 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-14087: A flaw was found in GLib...

9.8CVSS6.3AI score0.00767EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, which is happening due to two issues: 1. In SA ad...

5.5CVSS6.3AI score0.00173EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in sysstat

Before version 12.1.6, sysstat experienced memory corruption due to an integer overflow in the remapstruct function in sacommon.c...

5.5CVSS6.8AI score0.01533EPSS
Exploits1References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in StrongSwan

StrongSwan before version 5.9.12 has a buffer overflow vulnerability, and there is a possibility of unauthenticated remote code execution through a DH public key value that exceeds the internal buffer of charon-tkm’s DH proxy. The earliest affected version is 5.3.0. An attack can occur through a...

9.8CVSS9AI score0.02309EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/19 10:28 p.m.35 views

CVE-2026-6367 Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...

0.00201EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/19 10:27 p.m.9 views

CVE-2026-6366 Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

5.8AI score0.00399EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/19 10:27 p.m.42 views

CVE-2026-6365 Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

0.00238EPSS
Exploits0References1
osv
osv
added 2026/05/19 10:27 p.m.1 views

CVE-2026-6365 Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...

6.1CVSS5.9AI score0.00238EPSS
Exploits0References5
Rows per page
Query Builder