drupal

509 tracked vulnerabilities.

CVE-2026-4929 MEDIUM
Simple Hierarchical Select (Drupal 7) XSS in term-derived output
May 21, 2026
EPSS 0.00
CVE-2026-4093 MEDIUM
Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)
May 21, 2026
EPSS 0.00
CVE-2026-9082 MEDIUM KEV NUCLEI
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
May 20, 2026
CVSS 6.5
EPSS 0.13
CVE-2026-8495 CRITICAL
Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037
May 19, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-8493 MEDIUM
Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036
May 19, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-8492 LOW
Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035
May 19, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-8491 LOW
Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034
May 19, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-6871 MEDIUM
Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033
May 19, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-6367 MEDIUM
Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
May 19, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-6366 MEDIUM
Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002
May 19, 2026
CVSS 6.6
EPSS 0.00
CVE-2026-6365 MEDIUM
Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
May 19, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-6095 MEDIUM
Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-032
May 19, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-1556 MEDIUM
Information disclosure via file URI overwrite in File (Field) Paths
Mar 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-0748 MEDIUM
Access bypass in Drupal 7 i18n_node translation UI
Mar 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-4933 HIGH
Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029
Mar 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4393 MEDIUM
Automated Logout - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-030
Mar 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-3573 HIGH
AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028
Mar 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3532 MEDIUM
OpenID Connect / OAuth client - Less critical - Access bypass - SA-CONTRIB-2026-027
Mar 26, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-3531 MEDIUM
OpenID Connect / OAuth client - Moderately critical - Access bypass - SA-CONTRIB-2026-026
Mar 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-3530 MEDIUM
OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025
Mar 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-3529 MEDIUM
Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024
Mar 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-3528 MEDIUM
Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023
Mar 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-3527 MEDIUM
AJAX Dashboard - Critical - Access bypass - SA-CONTRIB-2026-022
Mar 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-3526 MEDIUM
File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021
Mar 26, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-3525 MEDIUM
File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020
Mar 26, 2026
CVSS 5.3
EPSS 0.00