drupal
557 tracked vulnerabilities.
CVE-2026-15089
CRITICAL
Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079
Jul 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-15087
MEDIUM
Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-15086
MEDIUM
Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-11915
MEDIUM
Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-11914
MEDIUM
Composer - Critical - Unsupported - SA-CONTRIB-2026-046
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-11913
CRITICAL
Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045
Jul 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-58591
MEDIUM
Colorbox - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-069
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-58590
MEDIUM
FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-068
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-58589
MEDIUM
FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-58588
MEDIUM
Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-066
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-58587
MEDIUM
Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-55810
HIGH
Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050
Jul 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-55809
HIGH
Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049
Jul 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-55808
MEDIUM
Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-55807
LOW
Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008
Jul 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-55806
MEDIUM
Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-55804
MEDIUM
Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-55803
MEDIUM
Drupal core - Critical - PHP object injection - SA-CORE-2026-005
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-15085
MEDIUM
AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-15084
MEDIUM
UI Patterns (SDC in Drupal UI) - Moderately critical - Cross site scripting - SA-CONTRIB-2026-075
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-15083
MEDIUM
ECA: Event - Condition - Action - Less critical - Information disclosure - SA-CONTRIB-2026-074
Jul 10, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-15082
MEDIUM
Siteimprove Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-073
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-15081
HIGH
Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072
Jul 10, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-15080
MEDIUM
Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071
Jul 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-15079
MEDIUM
Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070
Jul 10, 2026
CVSS 5.4
EPSS 0.00
Products
drupal 274
core 95
Drupal core 10
core-recommended 6
project_issue_tracking_module 6
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
AI (Artificial Intelligence) 3
Drupal Canvas 3
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
AI Agents 2
Advanced Content Feedback (aka admin_feedback) 2
Anti-Spam by CleanTalk 2
File Access Fix (deprecated) 2
FlowDrop 2
Login Disable 2
Paragraphs 2
SAML SSO - Service Provider 2
Tagify 2
activity 2
ajax_checklist 2
artificial_intelligence 2
Quick Filters