Filtered by vendor Drupal
Subscriptions
Total
992 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-15087 | 1 Drupal | 1 Clean Restful | 2026-07-14 | 5.9 Medium |
| vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. | ||||
| CVE-2026-11915 | 1 Drupal | 1 Brute Force Attack Protection | 2026-07-14 | 5.9 Medium |
| vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*. | ||||
| CVE-2026-11914 | 1 Drupal | 1 Composer | 2026-07-14 | 5.9 Medium |
| vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. | ||||
| CVE-2026-15086 | 1 Drupal | 1 Raw Formatter [meta Tag Formatter] | 2026-07-13 | 5.9 Medium |
| vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*. | ||||
| CVE-2026-11909 | 1 Drupal | 1 Examples For Developers | 2026-07-13 | 3.3 Low |
| Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6. | ||||
| CVE-2026-15089 | 1 Drupal | 1 Commerce Guest Registration | 2026-07-13 | 9.1 Critical |
| vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | ||||
| CVE-2026-11913 | 1 Drupal | 1 Mother May I | 2026-07-13 | 9.8 Critical |
| vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. | ||||
| CVE-2026-13237 | 1 Drupal | 1 Ai Agents | 2026-07-13 | 4.8 Medium |
| Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1. | ||||
| CVE-2026-13238 | 1 Drupal | 1 Commerce Realex / Global Payments | 2026-07-13 | 4.8 Medium |
| Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2. | ||||
| CVE-2026-58591 | 1 Drupal | 1 Colorbox | 2026-07-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0. | ||||
| CVE-2026-15082 | 1 Drupal | 1 Siteimprove Analytics | 2026-07-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting (XSS). This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1. | ||||
| CVE-2026-15083 | 1 Drupal | 1 Eca:event - Condition - Action | 2026-07-13 | 4.2 Medium |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4. | ||||
| CVE-2026-15084 | 1 Drupal | 1 Ui Patterns (sdc In Drupal Ui) | 2026-07-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17. | ||||
| CVE-2026-15085 | 1 Drupal | 1 Ai Seo/geo Analyzer | 2026-07-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3. | ||||
| CVE-2026-55803 | 1 Drupal | 1 Drupal Core | 2026-07-13 | 5.9 Medium |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | ||||
| CVE-2026-55804 | 1 Drupal | 1 Drupal Core | 2026-07-13 | 5.9 Medium |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | ||||
| CVE-2026-55807 | 1 Drupal | 1 Drupal Core | 2026-07-13 | 3.1 Low |
| Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | ||||
| CVE-2026-55808 | 1 Drupal | 1 Drupal Core | 2026-07-13 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | ||||
| CVE-2026-55806 | 1 Drupal | 1 Drupal Core | 2026-07-13 | 5.9 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | ||||
| CVE-2026-15081 | 1 Drupal | 1 Location Selector | 2026-07-13 | 7.4 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0. | ||||