drupal

557 tracked vulnerabilities.

CVE-2026-15089 CRITICAL
Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079
Jul 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-15087 MEDIUM
Clean RESTful - Critical - Unsupported - SA-CONTRIB-2026-078
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-15086 MEDIUM
Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-11915 MEDIUM
Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-11914 MEDIUM
Composer - Critical - Unsupported - SA-CONTRIB-2026-046
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-11913 CRITICAL
Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045
Jul 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-58591 MEDIUM
Colorbox - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-069
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-58590 MEDIUM
FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-068
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-58589 MEDIUM
FlowDrop - Moderately critical - Access bypass - SA-CONTRIB-2026-067
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-58588 MEDIUM
Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-066
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-58587 MEDIUM
Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-55810 HIGH
Plotly.js Graphing - Critical - PHP object injection - SA-CONTRIB-2026-050
Jul 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-55809 HIGH
Flag attendance field - Critical - PHP object injection - SA-CONTRIB-2026-049
Jul 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-55808 MEDIUM
Drupal core - Moderately critical - Improper validation - SA-CORE-2026-009
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-55807 LOW
Drupal core - Moderately critical - Server-side request forgery - SA-CORE-2026-008
Jul 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-55806 MEDIUM
Drupal core - Less critical - Cache poisoning and open redirect - SA-CORE-2026-007
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-55804 MEDIUM
Drupal core - Moderately critical - Gadget chain - SA-CORE-2026-006
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-55803 MEDIUM
Drupal core - Critical - PHP object injection - SA-CORE-2026-005
Jul 10, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-15085 MEDIUM
AI SEO/GEO Analyzer - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-076
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-15084 MEDIUM
UI Patterns (SDC in Drupal UI) - Moderately critical - Cross site scripting - SA-CONTRIB-2026-075
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-15083 MEDIUM
ECA: Event - Condition - Action - Less critical - Information disclosure - SA-CONTRIB-2026-074
Jul 10, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-15082 MEDIUM
Siteimprove Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-073
Jul 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-15081 HIGH
Location Selector - Critical - SQL Injection - SA-CONTRIB-2026-072
Jul 10, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-15080 MEDIUM
Ray Enterprise Translation - Moderately critical - Cross site request forgery - SA-CONTRIB-2026-071
Jul 10, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-15079 MEDIUM
Login Disable - Moderately critical - Access bypass - SA-CONTRIB-2026-070
Jul 10, 2026
CVSS 5.4
EPSS 0.00