ReportizFlow
Filtered by vendor Drupal
Subscriptions
Total
932 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3528 | 2 Drupal, Joaopaulocdev | 2 Calculation Fields, Calculation Fields | 2026-04-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Calculation Fields allows Cross-Site Scripting (XSS).This issue affects Calculation Fields: from 0.0.0 before 1.0.4. | ||||
| CVE-2026-3529 | 2 Drupal, Sujanshrestha | 2 Google Analytics Ga4, Google Analytics Ga4 | 2026-04-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting (XSS).This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14. | ||||
| CVE-2026-3530 | 2 Bojanz, Drupal | 2 Openid Connect \/ Oauth Client, Openid | 2026-04-02 | 4.3 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0. | ||||
| CVE-2026-3531 | 2 Bojanz, Drupal | 2 Openid Connect \/ Oauth Client, Openid | 2026-04-02 | 6.5 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OAuth client allows Authentication Bypass.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0. | ||||
| CVE-2026-3532 | 2 Bojanz, Drupal | 2 Openid Connect \/ Oauth Client, Openid | 2026-04-02 | 4.2 Medium |
| Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows Privilege Escalation.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0. | ||||
| CVE-2026-3573 | 2 Artificial Intelligence Project, Drupal | 2 Artificial Intelligence, Artificial Intelligence | 2026-04-02 | 7.5 High |
| Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12. | ||||
| CVE-2026-4933 | 2 Drupal, Jeroenb | 2 Unpublished Node Permissions, Unpublished Node Permissions | 2026-04-02 | 7.5 High |
| Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0. | ||||
| CVE-2026-4393 | 2 Ajk, Drupal | 2 Automated Logout, Automated Logout | 2026-04-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2. | ||||
| CVE-2026-0748 | 2 Drupal, Internationalization Project | 2 Internationalization, Internationalization | 2026-04-02 | 4.3 Medium |
| In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls and discloses unpublished node titles and IDs. Exploit affects versions 7.x-1.0 up to and including 7.x-1.35. | ||||
| CVE-2026-3212 | 2 Drupal, Factorial | 2 Tagify, Tagify | 2026-03-29 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.49. | ||||
| CVE-2025-9551 | 2 Drupal, Protected Pages Project | 2 Drupal, Protected Pages | 2026-03-27 | 6.5 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5. | ||||
| CVE-2025-12848 | 2 Drupal, Webform Multiple File Upload Project | 3 Drupal, Webform Module, Webform Multiple File Upload | 2026-03-27 | 6.1 Medium |
| Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code (e.g., "<img src=1 onerror=alert(document.domain)>") to a Webform node with a Multifile field where file type validation is disabled. This allows the execution of arbitrary scripts in the context of the victim's browser. The issue is present in a third-party library and has been addressed in a patch available at https://github.com/fyneworks/multifile/pull/44 . Users are advised to apply the provided patch or update to a fixed version of the module. | ||||
| CVE-2025-6675 | 2 Drupal, Miniorange | 2 Drupal, Miniorange 2fa | 2026-02-26 | 4.8 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*. | ||||
| CVE-2025-8995 | 2 Authenticator Login Project, Drupal | 2 Authenticator Login, Drupal | 2026-02-26 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4. | ||||
| CVE-2025-13081 | 1 Drupal | 2 Drupal, Drupal Core | 2026-02-26 | 5.9 Medium |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. | ||||
| CVE-2025-13981 | 2 Artificial Intelligence Project, Drupal | 2 Artificial Intelligence, Ai | 2026-02-20 | 4.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4. | ||||
| CVE-2025-13982 | 2 Drupal, Innoraft | 2 Login Time Restriction, Login Time Restriction | 2026-02-20 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3. | ||||
| CVE-2025-13979 | 2 Drupal, Salsa.digital | 2 Mini Site, Mini Site | 2026-02-12 | 5.4 Medium |
| Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2. | ||||
| CVE-2025-14472 | 2 Acquia, Drupal | 2 Acquia Content Hub, Acquia Content Hub | 2026-02-06 | 8.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3. | ||||
| CVE-2025-13984 | 2 Drupal, Kanopi | 2 Next.js, Next.js | 2026-02-06 | 6.1 Medium |
| Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1. | ||||