drupal

509 tracked vulnerabilities.

CVE-2026-3218 MEDIUM
Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019
Mar 25, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-3217 MEDIUM
SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018
Mar 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-3216 MEDIUM
Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017
Mar 25, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-3215 MEDIUM
Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016
Mar 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-3214 MEDIUM
CAPTCHA - Moderately critical - Access bypass - SA-CONTRIB-2026-015
Mar 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-3213 MEDIUM
Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014
Mar 25, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-3212 MEDIUM
Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013
Mar 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-3211 MEDIUM
Theme Negotiation by Rules - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-012
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-3210 MEDIUM
Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011
Mar 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-2349 MEDIUM
UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
Mar 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-2348 MEDIUM
Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009
Mar 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-1917 MEDIUM
Login Disable - Less critical - Access bypass - SA-CONTRIB-2026-008
Mar 25, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-0945 HIGH
Drupal Role Delegation <1.5.0 - Privilege Escalation
Feb 04, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-12848 MEDIUM
Webform Multiple File Upload module for Drupal 7.x - XSS
Nov 26, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-13083 LOW
Drupal <10.4.9-11.2.8 - Info Disclosure
Nov 18, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-13082 MEDIUM
Drupal Drupal core <11.2.8 - Content Spoofing
Nov 18, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-13081 MEDIUM
Drupal 8.0.0-10.4.8, 10.5.0-10.5.5, 11.0.0-11.1.8, 11.2.0-11.2.7 - Object Injection
Nov 18, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-13080 MEDIUM
Drupal 8.0.0-10.4.8, 10.5.0-10.5.5, 11.0.0-11.1.8, 11.2.0-11.2.7 - Forceful Browsing
Nov 18, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-12761 LOW
Drupal Simple Multi Step Form <2.0.0 - XSS
Nov 18, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-12760 MEDIUM
Drupal Email TFA <2.0.6 - Auth Bypass
Nov 18, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-9954 HIGH
Acquia DAM < 1.1.5 - Missing Authorization
Oct 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12466 HIGH
Drupal Simple OAuth 6.0.0-6.0.6 - Authentication Bypass
Oct 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12083 MEDIUM
Drupal CivicTheme Design System < 1.12.0 - Cross-Site Scripting
Oct 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-12082 HIGH
Drupal CivicTheme Design System < 1.12.0 - Incorrect Authorization
Oct 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-10931 LOW
Drupal Umami Analytics < 1.0.1 - Cross-Site Scripting
Oct 30, 2025
CVSS 3.8
EPSS 0.00
Products
drupal 273 core 91 core-recommended 6 project_issue_tracking_module 6 Drupal core 5 print 5 aggregation_module 4 ai 4 everyblog 4 project 4 ubercart_module 4 Drupal Core 3 OpenID Connect / OAuth client 3 content_construction_kit 3 drupal_project_issue_tracking 3 shindig-integrator 3 File Access Fix (deprecated) 2 activity 2 ajax_checklist 2 artificial_intelligence 2 bibliography_module 2 brilliant_gallery 2 chatroom_module 2 civictheme 2 cookies_consent_management 2 custom_search_module 2 data 2 database_administration_module 2 drupal_easylinks_module 2 google_tag 2
Quick Filters
Critical CVEs With Exploits In CISA KEV