Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Drupal — Vulnerabilities & Security Advisories 295

Browse all 295 CVE security advisories affecting Drupal. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Drupal:Drupal CorecoreOpen SocialEnterprise MFA - TFA for DrupalAI (Artificial Intelligence)COOKiES Consent ManagementTwo-factor Authentication (TFA)One Time PasswordAuthenticator LoginOpenID Connect / OAuth clientFacetsData-moduleKlaro Cookie & Consent ManagementAccess codeQuick Node BlockSimple KlaroGoogle TagEmail TFACivicTheme Design SystemAcquia DAMDrupalPOST FileParagraphs tableTagifyDrupal CanvasLogin DisableNode Access Rebuild ProgressiveMonster MenusFile Entity (fieldable files)File Access Fix (deprecated)
CVE IDTitleCVSSSeverityPaused
CVE-2025-48923 Toc.js - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-077 — Toc.jsCWE-79 6.1AIMediumAI2025-06-26
CVE-2025-48915 COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076 — COOKiES Consent ManagementCWE-79 6.1AIMediumAI2025-06-13
CVE-2025-48914 COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-075 — COOKiES Consent ManagementCWE-79 6.1AIMediumAI2025-06-13
CVE-2025-48920 etracker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-074 — etrackerCWE-79 6.1AIMediumAI2025-06-13
CVE-2025-48919 Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073 — Simple KlaroCWE-79 6.1AIMediumAI2025-06-13
CVE-2025-48917 EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072 — EU Cookie Compliance (GDPR Compliance)CWE-79 6.1AIMediumAI2025-06-13
CVE-2025-48918 Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-071 — Simple KlaroCWE-79 6.1AIMediumAI2025-06-13
CVE-2025-48916 Bookable Calendar - Less critical - Access bypass - SA-CONTRIB-2025-070 — Bookable CalendarCWE-862 7.5AIHighAI2025-06-13
CVE-2025-48447 Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069 — LightgalleryCWE-79 6.1AIMediumAI2025-06-11
CVE-2025-48448 Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068 — Admin Audit TrailCWE-770 8.1AIHighAI2025-06-11
CVE-2025-48446 Commerce Alphabank Redirect - Moderately critical - Access bypass - SA-CONTRIB-2025-067 — Commerce Alphabank RedirectCWE-863 9.4AICriticalAI2025-06-11
CVE-2025-48445 Commerce Eurobank (Redirect) - Moderately critical - Access bypass - SA-CONTRIB-2025-066 — Commerce Eurobank (Redirect)CWE-863 9.8AICriticalAI2025-06-11
CVE-2025-48013 Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065 — Quick Node BlockCWE-862 7.5AIHighAI2025-06-11
CVE-2025-48444 Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-064 — Quick Node BlockCWE-862 7.5AIHighAI2025-06-11
CVE-2025-48012 One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063 — One Time PasswordCWE-294 9.1AICriticalAI2025-05-21
CVE-2025-48011 One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-062 — One Time PasswordCWE-288 9.8AICriticalAI2025-05-21
CVE-2025-48010 One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061 — One Time PasswordCWE-288 9.8AICriticalAI2025-05-21
CVE-2025-48009 Single Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060 — Single Content SyncCWE-862 9.8AICriticalAI2025-05-21
CVE-2025-4416 Events Log Track - Moderately critical - Denial of Service - SA-CONTRIB-2025-059 — Events Log TrackCWE-770 6.5AIMediumAI2025-05-21
CVE-2025-4415 Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058 — Piwik PROCWE-79 6.1AIMediumAI2025-05-21
CVE-2025-47710 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056 — Enterprise MFA - TFA for DrupalCWE-288 9.8AICriticalAI2025-05-14
CVE-2025-47709 Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055 — Enterprise MFA - TFA for DrupalCWE-862 6.5AIMediumAI2025-05-14
CVE-2025-47708 Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054 — Enterprise MFA - TFA for DrupalCWE-352 8.8AIHighAI2025-05-14
CVE-2025-47707 Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053 — Enterprise MFA - TFA for DrupalCWE-288 9.8AICriticalAI2025-05-14
CVE-2025-47706 Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052 — Enterprise MFA - TFA for DrupalCWE-294 9.8AICriticalAI2025-05-14
CVE-2025-47705 IFrame Remove Filter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-051 — IFrame Remove FilterCWE-79 6.1AIMediumAI2025-05-14
CVE-2025-47704 Klaro Cookie & Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-050 — Klaro Cookie & Consent ManagementCWE-79 6.1AIMediumAI2025-05-14
CVE-2025-47703 COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-049 — COOKiES Consent ManagementCWE-79 6.1AIMediumAI2025-05-14
CVE-2025-47702 oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048 — oEmbed ProvidersCWE-79 6.1AIMediumAI2025-05-14
CVE-2025-47701 Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047 — Restrict route by IPCWE-352 8.8AIHighAI2025-05-14

This page lists every published CVE security advisory associated with Drupal. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.