Lucene search
+L

463 matches found

Cvelist
Cvelist
added last week35 views

CVE-2026-15087 Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added last week32 views

CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

0.00414EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-15089

The CVE-2026-15089 entry concerns a vulnerability in Drupal Commerce guest registration. Affected component: Drupal Commerce guest registration feature; details on affected versions are not provided beyond “. ” in the documents. The CVSS 3.1 base score is listed as 9.1 (CRITICAL) with high confid...

9.1CVSS6.1AI score0.00508EPSS
Exploits0References1
OSV
OSV
added last week3 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS6.1AI score0.0009EPSS
Exploits0References5
CVE
CVE
added last week16 views

CVE-2026-10770

The CVE-2026-10770 entry corresponds to a Reflected XSS in Drupal Anti-Spam by CleanTalk, affecting versions 0.0.0 through 9.7.1. The root cause is improper neutralization of input in the module’s HTML output, where CleanTalk API response content is echoed directly via _cleantalk_die() and ct_die...

6.1CVSS6.1AI score0.00181EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/24 12:0 a.m.11 views

Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062

Geolocation modules adds a field to store coordinates and provides supporting plumbing for views and other modules. One of the provided views filters does not sufficiently sanitize values if exposed to user input resulting in a SQL injection vulnerability. This vulnerability is mitigated by the...

6.5CVSS5.9AI score0.00165EPSS
Exploits0References2
Drupal
Drupal
added 2026/06/10 12:0 a.m.9 views

Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.8CVSS5.2AI score0.0032EPSS
Exploits0References2
OSV
OSV
added 2026/03/25 3:22 p.m.2 views

CVE-2026-3213 Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting XSS.This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0...

4.7CVSS5.9AI score0.00171EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/25 3:22 p.m.26 views

CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...

0.00136EPSS
Exploits0References1
Drupal
Drupal
added 2026/03/04 12:0 a.m.15 views

OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026

This module enables you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created. A visitor who successfully logs in to their Identity Provider and ...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References2
Drupal
Drupal
added 2026/02/25 12:0 a.m.15 views

Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014

This module enables you to block bots by Firewall. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site scripting XSS vulnerability. This vulnerability is mitigated by the fact that the vulnerable functionality is only presented to users that are "challenged" or...

4.7CVSS5.3AI score0.00171EPSS
Exploits0References2
Drupal
Drupal
added 2025/12/03 12:0 a.m.13 views

Next.js - Critical - Access bypass - SA-CONTRIB-2025-122

This module enables integration between Next.js and Drupal for headless CMS functionality. When installed, the module automatically enables cross-origin resource sharing CORS with insecure default settings Access-Control-Allow-Origin: , overriding any services.yml CORS configuration. This allows...

6.1CVSS5.4AI score0.00141EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/29 11:14 p.m.2 views

CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CivicTheme Design System allows Cross-Site Scripting XSS.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0...

5.5AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 11:13 p.m.4 views

CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery.This issue affects Currency: from 0.0.0 before 3.5.0...

6.5AI score0.00121EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/10 10:25 p.m.2 views

CVE-2025-9554 Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104

Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2:...

6.5AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/10/10 10:25 p.m.12 views

CVE-2025-9552

CVE-2025-9552 concerns the Drupal module Synchronize composer.Json With Contrib Modules . Public descriptions in connected documents indicate a vulnerability affecting the module in general (versions not specified). The NVD/NVD-derived metrics show a CVSS 3.1 base score of 5.3 (Medium) with an at...

5.3CVSS6.5AI score0.00234EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2025/08/27 12:0 a.m.12 views

Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098

This module allows users to setup two-factor authentication 2FA using authenticator apps for enhanced login security. The module did not protect all possible login paths provided by core modules. CVSS risk score experimental 6.3 / Medium...

8.8CVSS5.4AI score0.00326EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/15 4:27 p.m.4 views

CVE-2025-8996 Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...

6.6AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/26 1:33 p.m.15 views

CVE-2025-6675 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0., from 0.0.0 before 5.1...

0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 5:1 p.m.17 views

CVE-2025-47701 Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047

Cross-Site Request Forgery CSRF vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0...

0.00171EPSS
Exploits0References1
Rows per page
Query Builder