463 matches found
CVE-2026-15087 Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...
CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-15089
The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...
CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063
Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...
CVE-2026-10770
The CVE-2026-10770 entry corresponds to a Reflected XSS in Drupal Anti-Spam by CleanTalk, affecting versions 0.0.0 through 9.7.1. The root cause is improper neutralization of input in the module’s HTML output, where CleanTalk API response content is echoed directly via _cleantalk_die() and ct_die...
Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062
Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules. One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability. This vulnerability is mitigated by the...
Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...
CVE-2026-3213 Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting XSS.This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0...
CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...
OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...
Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
This module enables you to block bots by Firewall. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or...
Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
This module enables integration between Next.js and Drupal for headless CMS functionality. When installed, the module automatically enables cross-origin resource sharing CORS with insecure default settings Access-Control-Allow-Origin: , overriding any services.yml CORS configuration. This allows...
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...
CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110
Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0...
CVE-2025-9554 Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104
Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2:...
CVE-2025-9552
CVE-2025-9552 concerns the Drupal module Synchronize composer.Json With Contrib Modules . Public descriptions in connected documents indicate a vulnerability affecting the module in general (versions not specified). The NVD/NVD-derived metrics show a CVSS 3.1 base score of 5.3 (Medium) with an at...
Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
This module allows users to setup two-factor authentication 2FA using authenticator apps for enhanced login security. The module did not protect all possible login paths provided by core modules. CVSS risk score experimental 6.3 / Medium...
CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...
CVE-2025-6675 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0., from 0.0.0 before 5.1...
CVE-2025-47701 Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
Cross-Site Request Forgery CSRF vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0...