Lucene search
K

4660 matches found

Nuclei
Nuclei
added yesterday61 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6.1AI score0.00773EPSS
Exploits1References3
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43078

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

6.1AI score0.002EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43080

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

6.1AI score0.00254EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43115

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43048

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43056

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00142EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-15084

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-15085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS0.00254EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-13240

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

6.5CVSS0.00132EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-13244

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...

8.1CVSS0.00417EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-15082

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting XSS. This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1...

5.4CVSS0.00186EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-13237

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.8CVSS0.00142EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-13238

Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2...

4.8CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-10770

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...

0.00161EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-11908

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Tagify allows Stored XSS. This issue affects Tagify versions: from 0.0.0 to 1.2.52...

0.00161EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-15085

The affected software is the Drupal AI SEO/GEO Analyzer module. It is vulnerable to Stored Cross‑site Scripting (XSS) in versions 0.0.0 through 1.1.3. The root cause, as described in the connected DRUPAL-SA-CONTRIB-2026-076 entry and PT-2026-56665, is that the module sends entity content (includi...

5.4CVSS6.1AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15081 Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

0.00194EPSS
Exploits0References1
CVE
CVE
added 4 days ago6 views

CVE-2026-15079

The CVE-2026-15079 entry concerns the Drupal Login Disable module, affected on versions 0.0.0 through 2.1.4. The underlying issue is an improper restriction of excessive authentication attempts, which can enable brute-force login attempts to bypass protection. The attack surface is the Drupal log...

5.4CVSS6.1AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-58591 Colorbox - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-069

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...

0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-13244 Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...

0.00417EPSS
Exploits0References1
Rows per page
Query Builder