160785 matches found
EUVD-2026-43058
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...
EUVD-2026-43057
Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...
PT-2026-57393
Name of the Vulnerable Software and Affected Versions Booking Package versions prior to 1.7.21 Description Insufficient escaping of user-supplied parameters and lack of preparation in SQL queries allow unauthenticated attackers to perform SQL Injection. This occurs via the email parameter in the...
CVE-2026-11914
Technical details are not publicly available in the provided documents; no affected versions, vectors, or fixes are described. Monitor for updates from Drupal SA-CONTRIB-2026-046 and related advisories.
CVE-2026-11915
Technical details about CVE-2026-11915 are not publicly available in the provided documents. The connected sources indicate the issue is with Drupal Brute force attack protection and that the related project is marked unsupported; monitor for updates.
CVE-2026-15087
CVE-2026-15087 concerns Drupal Clean RESTful; the provided documents identify a vulnerability and classify it as Critical/Unsupported via SA-CONTRIB-2026-078, but concrete technical details (affected versions, vulnerable component/function, exploit path, impact, or a patch) are not provided in th...
EUVD-2026-43087
Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...
CVE-2026-55175
Spinnaker CVE-2026-55175 affects Rosco/Kustomize bake operations where unsafe YAML tag processing in rosco manifests can lead to remote code execution on rosco pods. Affected versions are prior to 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 across release lines; fixes are available in 2026.1.1, 20...
CVE-2026-55807
CVE-2026-55807 concerns a Server-Side Request Forgery in Drupal core related to the oEmbed URL discovery path within the Media module. The issue allows the server to make unauthorized requests to arbitrary URLs, as described by multiple sources. Affected Drupal core versions include 0.0.0–10.5.12...
CVE-2026-15084
CVE-2026-15084 is a Stored XSS vulnerability in Drupal UI Patterns (SDC in Drupal UI). Affects UI Patterns (SDC in Drupal UI) versions 2.0.0 through 2.0.17. The issue is due to improper neutralization of input during web page generation. Public references indicate SA-CONTRIB-2026-075 describes th...
CVE-2026-15083
The CVE describes an information-disclosure risk in the Drupal ECA (Event - Condition - Action) module due to Improperly Controlled Modification of Dynamically-Determined Object Attributes, enabling Object Injection. Affected are ECA: Event - Condition - Action versions 0.0.0–2.1.20, 3.0.0–3.0.12...
CVE-2026-15081
CVE-2026-15081 affects the Drupal Location Selector module. The issue is an improper neutralization of inputs in a SQL command, enabling SQL injection via a Views filter that handles user input. Affected versions are Location Selector 0.0.0 through 1.3.0. Root cause: insufficient sanitization of ...
CVE-2026-58590
FlowDrop (Drupal module) has a Missing Authorization vulnerability that allows Forceful Browsing, affecting FlowDrop versions 0.0.0 through 1.6.0. The Drupal SA-CONTRIB-2026-068 advisory and related records describe an access-bypass weakness involving workflow administration permissions (Administ...
CVE-2026-58589
CVE-2026-58589 concerns the Drupal FlowDrop module, where a missing authorization vulnerability enables forceful browsing/bypass of access controls. Affected are FlowDrop versions 0.0.0 through 1.6.0. The connected documents identify the issue as an access-bypass through inadequate permission enf...
CVE-2026-13244
CVE-2026-13244 concerns the Drupal module for Tealium iQ Tag Management. The vulnerability arises from Improperly Controlled Modification of Dynamically-Determined Object Attributes in the module, allowing PHP object injection via data stored as serialized strings in the tealiumiq field. Affected...
CVE-2026-13243
The Drupal Salesforce Suite CSRF CVE-2026-13243 affects the Salesforce integration in Drupal via the Salesforce module, with the vulnerability stemming from improper validation of the OAuth handshake during interactive authentication. This can allow an attacker to hijack the authorization token a...
CVE-2026-13240
The CVE-2026-13240 vulnerability affects the Drupal Paragraphs module (versions 0.0.0 through 1.21.0). Cause: Missing Authorization enabling forceful browsing to access unpublished library items in lists. Impact: Unauthorized access to items that should be restricted; practical consequences are a...
CVE-2026-13239
CVE-2026-13239 is a Missing Authorization vulnerability in Drupal WissKI affecting WissKI versions 0.0.0 through 4.2.0. The issue permits Forceful Browsing due to insufficient access checks in the wisski_mirador submodule, which also enables image annotation features via the Mirador viewer. Publi...
CVE-2026-13237
The CVE-2026-13237 entry describes an Incorrect Authorization vulnerability in Drupal AI Agents that enables forceful browsing and potential information disclosure. Affected are Drupal AI Agents versions: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. Root cause is improper access control within the ...
CVE-2026-13234
CVE-2026-13234 concerns an XSS flaw in the Drupal AI module. The vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting. Affected versions are: 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The issue is documented across NVD, CVE listing...