drupal

Top products

The 15 most recently published vulnerabilities affecting drupal.

• CVE-2026-6816TFA Basic Plugins - Access Bypass3.8May 28, 2026
• CVE-2026-5343SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-0317.4May 28, 2026
• CVE-2026-4093Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)5.4May 21, 2026
• CVE-2026-4929Simple Hierarchical Select (Drupal 7) XSS in term-derived output5.4May 21, 2026
• CVE-2026-9082Drupal core - Highly critical - SQL injection - SA-CORE-2026-004KEV6.5May 20, 2026
• CVE-2026-8495Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-0379.8May 19, 2026
• CVE-2026-8493Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-0365.4May 19, 2026
• CVE-2026-8492Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-0352.7May 19, 2026
• CVE-2026-8491Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-0343.7May 19, 2026
• CVE-2026-6871Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-0336.1May 19, 2026
• CVE-2026-6367Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-0036.1May 19, 2026
• CVE-2026-6366Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-0026.6May 19, 2026
• CVE-2026-6365Drupal core - Critical - Cross-site scripting - SA-CORE-2026-0016.1May 19, 2026
• CVE-2026-6095Orejime - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-0326.1May 19, 2026
• CVE-2026-0748Access bypass in Drupal 7 i18n_node translation UI4.3Mar 26, 2026