drupal

557 tracked vulnerabilities.

CVE-2026-13244 HIGH
Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064
Jul 10, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-13243 MEDIUM
Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063
Jul 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-13242 MEDIUM
Geolocation Field - Critical - SQL Injection - SA-CONTRIB-2026-062
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13241 MEDIUM
Paragraphs - Moderately critical - Access bypass - SA-CONTRIB-2026-061
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13240 MEDIUM
Paragraphs - Less critical - Access bypass - SA-CONTRIB-2026-060
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13239 MEDIUM
WissKI - Critical - Access bypass - SA-CONTRIB-2026-059
Jul 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-13238 MEDIUM
Commerce Realex / Global Payments - Moderately critical - Access Bypass - SA-CONTRIB-2026-058
Jul 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-13237 MEDIUM
AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
Jul 10, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-13236 MEDIUM
AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056
Jul 10, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-13235 LOW
AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055
Jul 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-13234 MEDIUM
AI (Artificial Intelligence) - Moderately critical - Information Disclosure / Cross-site Scripting - SA-CONTRIB-2026-054
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-13233 LOW
OpenAI Provider - Moderately critical - Server-side Request Forgery - SA-CONTRIB-2026-053
Jul 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-13232 LOW
Advanced Content Feedback (aka admin_feedback) - Moderately critical - Access bypass / Insecure Direct Object Reference (IDOR) - SA-CONTRIB-2026-052
Jul 10, 2026
CVSS 3.1
EPSS 0.00
CVE-2026-13231 MEDIUM
Advanced Content Feedback (aka admin_feedback) - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-051
Jul 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-12535 CRITICAL
Formatter Field - Critical - PHP object injection - SA-CONTRIB-2026-048
Jul 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-11909 LOW
Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044
Jul 10, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-11908 ANALYSIS PENDING
Tagify - Moderately critical - Cross-site scripting (XSS) - SA-CONTRIB-2026-043
Jul 10, 2026
EPSS 0.00
CVE-2026-10770 ANALYSIS PENDING
Anti-Spam by CleanTalk - Moderately critical - Cross site scripting - SA-CONTRIB-2026-042
Jul 10, 2026
EPSS 0.00
CVE-2026-10769 ANALYSIS PENDING
Commerce Core - Moderately critical - Cross site scripting - SA-CONTRIB-2026-041
Jul 10, 2026
EPSS 0.00
CVE-2026-10768 ANALYSIS PENDING
LocalGov Workflows - Moderately critical - Information disclosure - SA-CONTRIB-2026-039
Jul 10, 2026
EPSS 0.00
CVE-2026-9726 ANALYSIS PENDING
Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038
Jul 10, 2026
EPSS 0.00
CVE-2026-6816 LOW
TFA Basic Plugins - Access Bypass
May 28, 2026
CVSS 3.8
EPSS 0.00
CVE-2026-5343 HIGH
SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
May 28, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-4929 MEDIUM
Simple Hierarchical Select (Drupal 7) XSS in term-derived output
May 21, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-4093 MEDIUM
Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)
May 21, 2026
CVSS 5.4
EPSS 0.00