CVE-2026-6816 - An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users pe

CVE-2026-5343 - Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Prov

CVE-2026-4929 - Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper out

CVE-2026-4093 - In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter ren

CVE-2026-9082 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2026-8495 - Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affect

CVE-2026-8493 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-8492 - Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTransla

CVE-2026-8491 - Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions a

CVE-2026-6871 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-6367 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-6366 - Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drup

CVE-2026-6365 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-6095 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2022-50957 - Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that al

CVE-2026-1556 - Information disclosure in the file URI processing of File (Field) Paths in Drupal File (Field) Paths

CVE-2026-0748 - In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both

CVE-2026-4933 - Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsin

CVE-2026-4393 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request

CVE-2026-3573 - Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injecti

CVE-2026-3532 - Improper Handling of Case Sensitivity vulnerability in Drupal OpenID Connect / OAuth client allows P

CVE-2026-3531 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal OpenID Connect / OA

CVE-2026-3530 - Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenID Connect / OAuth client allows Serv

CVE-2026-3528 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3527 - Missing Authentication for Critical Function vulnerability in Drupal AJAX Dashboard allows Exploitin

CVE-2026-3526 - Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsin

CVE-2026-3525 - Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsin

CVE-2026-3218 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3217 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3216 - Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request

CVE-2026-3215 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3214 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Func

CVE-2026-3213 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3212 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-3211 - Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Si

CVE-2026-3210 - Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue a

CVE-2026-2349 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-2348 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability i

CVE-2026-1917 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allow