drupal
557 tracked vulnerabilities.
CVE-2026-13244
HIGH
Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064
Jul 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-13243
MEDIUM
Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063
Jul 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-13242
MEDIUM
Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13241
MEDIUM
Paragraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13240
MEDIUM
Paragraphs - Less critical - Access bypass - SA-CONTRIB-2026-060
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13239
MEDIUM
WissKI - Critical - Access bypass - SA-CONTRIB-2026-059
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13238
MEDIUM
Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058
Jul 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-13237
MEDIUM
AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
Jul 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-13236
MEDIUM
AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056
Jul 10, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-13235
LOW
AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055
Jul 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-13234
MEDIUM
AI (Artificial Intelligence) - Moderately critical - Information Disclosure / Cross-site Scripting - SA-CONTRIB-2026-054
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-13233
LOW
OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053
Jul 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-13232
LOW
Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052
Jul 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-13231
MEDIUM
Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-051
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-12535
CRITICAL
Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048
Jul 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-11909
LOW
Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044
Jul 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-11908
ANALYSIS PENDING
Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043
Jul 10, 2026
EPSS 0.00
CVE-2026-10770
ANALYSIS PENDING
Anti-Spam by CleanTalk - Moderately critical - Cross site scripting - SA-CONTRIB-2026-042
Jul 10, 2026
EPSS 0.00
CVE-2026-10769
ANALYSIS PENDING
Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041
Jul 10, 2026
EPSS 0.00
CVE-2026-10768
ANALYSIS PENDING
LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039
Jul 10, 2026
EPSS 0.00
CVE-2026-9726
ANALYSIS PENDING
Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038
Jul 10, 2026
EPSS 0.00
CVE-2026-6816
LOW
TFA Basic Plugins - Access Bypass
May 28, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-5343
HIGH
SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
May 28, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-4929
MEDIUM
Simple Hierarchical Select (Drupal 7) XSS in term-derived output
May 21, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-4093
MEDIUM
Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)
May 21, 2026
CVSS 5.4
EPSS 0.00
Products
drupal 274
core 95
Drupal core 10
core-recommended 6
project_issue_tracking_module 6
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
AI (Artificial Intelligence) 3
Drupal Canvas 3
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
AI Agents 2
Advanced Content Feedback (aka admin_feedback) 2
Anti-Spam by CleanTalk 2
File Access Fix (deprecated) 2
FlowDrop 2
Login Disable 2
Paragraphs 2
SAML SSO - Service Provider 2
Tagify 2
activity 2
ajax_checklist 2
artificial_intelligence 2
Quick Filters