Lucene search
K

160794 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-43058

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI Artificial Intelligence allows Cross-Site Scripting XSS. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43057

Server-Side Request Forgery SSRF vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2...

6.1AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-57393

Name of the Vulnerable Software and Affected Versions Booking Package versions prior to 1.7.21 Description Insufficient escaping of user-supplied parameters and lack of preparation in SQL queries allow unauthenticated attackers to perform SQL Injection. This occurs via the email parameter in the...

7.5CVSS6.1AI score0.00388EPSS
Exploits0References14
CVE
CVE
added 2 days ago13 views

CVE-2026-11914

Technical details are not publicly available in the provided documents; no affected versions, vectors, or fixes are described. Monitor for updates from Drupal SA-CONTRIB-2026-046 and related advisories.

6.1AI score0.00153EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-11915

Technical details about CVE-2026-11915 are not publicly available in the provided documents. The connected sources indicate the issue is with Drupal Brute force attack protection and that the related project is marked unsupported; monitor for updates.

6.1AI score0.00153EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-15087

CVE-2026-15087 concerns Drupal Clean RESTful; the provided documents identify a vulnerability and classify it as Critical/Unsupported via SA-CONTRIB-2026-078, but concrete technical details (affected versions, vulnerable component/function, exploit path, impact, or a patch) are not provided in th...

6.1AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43087

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
CVE
CVE
added 2 days ago9 views

CVE-2026-55175

Spinnaker CVE-2026-55175 affects Rosco/Kustomize bake operations where unsafe YAML tag processing in rosco manifests can lead to remote code execution on rosco pods. Affected versions are prior to 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 across release lines; fixes are available in 2026.1.1, 20...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
CVE
CVE
added 2 days ago443 views

CVE-2026-55807

CVE-2026-55807 concerns a Server-Side Request Forgery in Drupal core related to the oEmbed URL discovery path within the Media module. The issue allows the server to make unauthorized requests to arbitrary URLs, as described by multiple sources. Affected Drupal core versions include 0.0.0–10.5.12...

6.1AI score0.00133EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-15084

CVE-2026-15084 is a Stored XSS vulnerability in Drupal UI Patterns (SDC in Drupal UI). Affects UI Patterns (SDC in Drupal UI) versions 2.0.0 through 2.0.17. The issue is due to improper neutralization of input during web page generation. Public references indicate SA-CONTRIB-2026-075 describes th...

6.1AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-15083

The CVE describes an information-disclosure risk in the Drupal ECA (Event - Condition - Action) module due to Improperly Controlled Modification of Dynamically-Determined Object Attributes, enabling Object Injection. Affected are ECA: Event - Condition - Action versions 0.0.0–2.1.20, 3.0.0–3.0.12...

6.1AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-15081

CVE-2026-15081 affects the Drupal Location Selector module. The issue is an improper neutralization of inputs in a SQL command, enabling SQL injection via a Views filter that handles user input. Affected versions are Location Selector 0.0.0 through 1.3.0. Root cause: insufficient sanitization of ...

6.1AI score0.00194EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-58590

FlowDrop (Drupal module) has a Missing Authorization vulnerability that allows Forceful Browsing, affecting FlowDrop versions 0.0.0 through 1.6.0. The Drupal SA-CONTRIB-2026-068 advisory and related records describe an access-bypass weakness involving workflow administration permissions (Administ...

6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-58589

CVE-2026-58589 concerns the Drupal FlowDrop module, where a missing authorization vulnerability enables forceful browsing/bypass of access controls. Affected are FlowDrop versions 0.0.0 through 1.6.0. The connected documents identify the issue as an access-bypass through inadequate permission enf...

6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago17 views

CVE-2026-13244

CVE-2026-13244 concerns the Drupal module for Tealium iQ Tag Management. The vulnerability arises from Improperly Controlled Modification of Dynamically-Determined Object Attributes in the module, allowing PHP object injection via data stored as serialized strings in the tealiumiq field. Affected...

6.1AI score0.00417EPSS
Exploits0References1
CVE
CVE
added 2 days ago21 views

CVE-2026-13243

The Drupal Salesforce Suite CSRF CVE-2026-13243 affects the Salesforce integration in Drupal via the Salesforce module, with the vulnerability stemming from improper validation of the OAuth handshake during interactive authentication. This can allow an attacker to hijack the authorization token a...

6.1AI score0.00097EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-13240

The CVE-2026-13240 vulnerability affects the Drupal Paragraphs module (versions 0.0.0 through 1.21.0). Cause: Missing Authorization enabling forceful browsing to access unpublished library items in lists. Impact: Unauthorized access to items that should be restricted; practical consequences are a...

6.1AI score0.00132EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-13239

CVE-2026-13239 is a Missing Authorization vulnerability in Drupal WissKI affecting WissKI versions 0.0.0 through 4.2.0. The issue permits Forceful Browsing due to insufficient access checks in the wisski_mirador submodule, which also enables image annotation features via the Mirador viewer. Publi...

6.1AI score0.00132EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-13237

The CVE-2026-13237 entry describes an Incorrect Authorization vulnerability in Drupal AI Agents that enables forceful browsing and potential information disclosure. Affected are Drupal AI Agents versions: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. Root cause is improper access control within the ...

6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-13234

CVE-2026-13234 concerns an XSS flaw in the Drupal AI module. The vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting. Affected versions are: 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. The issue is documented across NVD, CVE listing...

6.1AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder