6 matches found
CVE-2026-15089
Technical details about CVE-2026-15089 are not provided in the supplied documents. No affected versions, root cause, or remediation are disclosed here. Monitor for updates from official advisories (Drupal SA) and CVE records.
CVE-2026-10770
CVE-2026-10770 affects the Drupal Anti-Spam by CleanTalk module (versions 0.0.0 through 9.7.1). The root cause is improper neutralization of input in web page generation, resulting in a Reflected XSS when rendering CleanTalk API responses in HTML. The issue is documented across multiple sources (...
Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...
Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
This module enables you to block bots by Firewall. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or...