CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

69 matches found

ATTACKERKB•added 2026/05/19 10:28 p.m.•3 views

CVE-2026-8491

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00037EPSS

Exploits0References2Affected Software1

EUVD•added 2026/03/26 9:31 p.m.•2 views

EUVD-2026-16385

Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

5.8AI score0.0004EPSS

Exploits0References2

EUVD•added 2026/03/26 9:31 p.m.•1 views

EUVD-2026-16387

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

5.8AI score0.00079EPSS

Exploits0References2

EUVD•added 2026/03/25 6:31 p.m.•1 views

EUVD-2026-15467

Cross-Site Request Forgery CSRF vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1...

6.3CVSS5.8AI score0.00021EPSS

Exploits0References2

Cvelist•added 2026/03/25 3:22 p.m.•18 views

CVE-2026-3212 Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Cross-Site Scripting XSS.This issue affects Tagify: from 0.0.0 before 1.2.49...

0.00041EPSS

Exploits0References1

NVD•added 2026/02/04 9:15 p.m.•6 views

CVE-2026-0946

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting XSS.This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1...

6.1CVSS0.00041EPSS

Exploits0References1

ATTACKERKB•added 2026/02/04 8:26 p.m.•3 views

CVE-2026-1553

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...

4.8CVSS5.3AI score0.00042EPSS

Exploits0References2

Cvelist•added 2026/02/04 8:26 p.m.•24 views

CVE-2026-0948 Microsoft Entra ID SSO Login - Critical - Access bypass - SA-CONTRIB-2026-005

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 before 1.0.4...

0.00052EPSS

Exploits0References1

CVE•added 2026/02/04 8:25 p.m.•6 views

CVE-2026-0946

CVE-2026-0946 affects Drupal AT Internet SmartTag prior to 1.0.1. The issue is an XSS vulnerability caused by improper neutralization of input during web page generation. Impact is cross-site scripting where malicious scripts could be injected and executed in pages viewed by other users. Affected...

6.1CVSS5.3AI score0.00041EPSS

Exploits0References1Affected Software1

EUVD•added 2026/01/28 8:2 p.m.•2 views

EUVD-2025-206437

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...

6.1CVSS5.9AI score0.00051EPSS

Exploits0References1

RedhatCVE•added 2025/11/19 5:21 p.m.•1 views

CVE-2025-12761

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Simple multi step form allows Cross-Site Scripting XSS.This issue affects Simple multi step form: from 0.0.0 before 2.0.0...

3.5CVSS5.8AI score0.00023EPSS

Exploits0References1

Positive Technologies•added 2025/11/18 12:0 a.m.•2 views

PT-2025-47342

Name of the Vulnerable Software and Affected Versions Drupal Email TFA versions prior to 2.0.6 Description An authentication bypass issue exists in Drupal Email TFA, allowing functionality bypass through an alternate path or channel. The issue impacts the Email TFA module. Recommendations Update ...

5.4CVSS6.8AI score0.00046EPSS

Exploits0References3

OSV•added 2025/10/30 12:31 a.m.•2 views

GHSA-27FV-RPGJ-4C6M Drupal Currency allows Cross Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...

6.5CVSS6.9AI score0.00019EPSS

Exploits0References2

Github Security Blog•added 2025/10/30 12:31 a.m.•6 views

Drupal Currency allows Cross Site Request Forgery

Cross-Site Request Forgery CSRF vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0...

6.5CVSS6.9AI score0.00019EPSS

Exploits0References3Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-51479

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00186EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-25042

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.00046EPSS

Exploits0References1

RedhatCVE•added 2025/08/17 5:25 p.m.•8 views

CVE-2025-8361

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0...

7.6CVSS7.2AI score0.00063EPSS

Exploits0References1

NVD•added 2025/08/15 5:15 p.m.•3 views

CVE-2025-8996

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0...

4.3CVSS0.00055EPSS

Exploits0References1

NVD•added 2025/08/15 5:15 p.m.•5 views

CVE-2025-8092

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting XSS.This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16...

7.6CVSS0.00065EPSS

Exploits0References1

OSV•added 2025/08/15 5:15 p.m.•2 views

CVE-2025-8092

7.6CVSS5.8AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by