Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Drupal:Drupal CorecoreOpen SocialEnterprise MFA - TFA for DrupalAI (Artificial Intelligence)COOKiES Consent ManagementTwo-factor Authentication (TFA)One Time PasswordAuthenticator LoginOpenID Connect / OAuth clientFacetsData-moduleKlaro Cookie & Consent ManagementAccess codeQuick Node BlockSimple KlaroGoogle TagEmail TFACivicTheme Design SystemAcquia DAMDrupalPOST FileParagraphs tableTagifyDrupal CanvasLogin DisableNode Access Rebuild ProgressiveMonster MenusFile Entity (fieldable files)File Access Fix (deprecated)
CVE IDTitleCVSSSeverityPaused
CVE-2026-0945 Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002 — Role DelegationCWE-267 8.8AIHighAI2026-02-04
CVE-2026-0944 Group invite - Moderately critical - Access bypass - SA-CONTRIB-2026-001 — Group inviteCWE-754--AI2026-02-04
CVE-2025-14840 HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126 — HTTP Client ManagerCWE-754--AI2026-01-28
CVE-2025-14472 Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125 — Acquia Content HubCWE-352 8.8AIHighAI2026-01-28
CVE-2025-13986 Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124 — Disable Login PageCWE-288 9.8AICriticalAI2026-01-28
CVE-2025-13985 Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123 — Entity ShareCWE-863 7.5AIHighAI2026-01-28
CVE-2025-13984 Next.js - Critical - Access bypass - SA-CONTRIB-2025-122 — Next.jsCWE-942 6.1AIMediumAI2026-01-28
CVE-2025-13983 Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121 — TagifyCWE-79 6.1AIMediumAI2026-01-28
CVE-2025-13982 Login Time Restriction - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-120 — Login Time RestrictionCWE-352 8.8AIHighAI2026-01-28
CVE-2025-13981 AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119 — AI (Artificial Intelligence)CWE-79 6.1AIMediumAI2026-01-28
CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118 — CKEditor 5 Premium FeaturesCWE-288 9.8AICriticalAI2026-01-28
CVE-2025-13979 Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117 — Mini siteCWE-267 5.4AIMediumAI2026-01-28
CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module — DrupalCWE-79 6.1AIMediumAI2026-01-28
CVE-2026-0750 Payment bypass in Commerce Paybox — Drupal Commerce PayboxCWE-347 9.8AICriticalAI2026-01-28
CVE-2025-14557 XSS in Drupal 7 Facebook Pixel Module — Facebook PixelCWE-79 6.1AIMediumAI2026-01-14
CVE-2025-14556 XSS in Drupal 7 Flag Module — FlagCWE-79 6.1AIMediumAI2026-01-14
CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform — DrupalCWE-79 6.1AIMediumAI2025-11-26
CVE-2025-12761 Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116 — Simple multi step formCWE-79 6.1AIMediumAI2025-11-18
CVE-2025-12760 Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115 — Email TFACWE-288 9.8AICriticalAI2025-11-18
CVE-2025-13083 Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008 — Drupal coreCWE-525 7.5AIHighAI2025-11-18
CVE-2025-13082 Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 — Drupal coreCWE-451 4.3AIMediumAI2025-11-18
CVE-2025-13081 Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006 — Drupal coreCWE-915 9.8AICriticalAI2025-11-18
CVE-2025-13080 Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005 — Drupal coreCWE-754--AI2025-11-18
CVE-2025-12466 Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114 — Simple OAuth (OAuth2) & OpenID ConnectCWE-288 9.8AICriticalAI2025-10-29
CVE-2025-12083 CivicTheme Design System - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-113 — CivicTheme Design SystemCWE-79 6.1AIMediumAI2025-10-29
CVE-2025-12082 CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112 — CivicTheme Design SystemCWE-863 7.5AIHighAI2025-10-29
CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111 — Reverse Proxy HeaderCWE-1288 9.1AICriticalAI2025-10-29
CVE-2025-10930 Currency - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-110 — CurrencyCWE-352 8.8AIHighAI2025-10-29
CVE-2025-10931 Umami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109 — Umami AnalyticsCWE-79 6.1AIMediumAI2025-10-29
CVE-2025-10928 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108 — Access codeCWE-307 9.8AICriticalAI2025-10-29

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.