CVE-2026-1556 - Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths

CVE-2026-0748 - In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both

CVE-2026-4933 - Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsin

CVE-2026-4393 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request

CVE-2026-3573 - Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injecti

CVE-2026-3532 - Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows P

CVE-2026-3531 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OA

CVE-2026-3530 - Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Serv

CVE-2026-3528 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3527 - Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploitin

CVE-2026-3526 - Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsin

CVE-2026-3525 - Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsin

CVE-2026-3218 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3217 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3216 - Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request

CVE-2026-3215 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3214 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Func

CVE-2026-3213 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3212 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3211 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Si

CVE-2026-3210 - Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue a

CVE-2026-2349 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-2348 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-1917 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allow

CVE-2026-1554 - XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS

CVE-2026-1553 - Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue af

CVE-2026-0947 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-0946 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-0945 - Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escal

CVE-2026-0944 - Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows For

CVE-2025-14840 - Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager all

CVE-2025-14472 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Reque

CVE-2025-13986 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page

CVE-2025-13985 - Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue aff

CVE-2025-13984 - Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allow

CVE-2025-13983 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2025-13982 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site R

CVE-2025-13981 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2025-13980 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium

CVE-2025-13979 - Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue

CVE-2026-0750 - Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Comm

CVE-2026-0749 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i

CVE-2026-24478 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe