Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13242 | 2026-07-10 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Geolocation Field allows SQL Injection. This issue affects Geolocation Field versions: from 0.0.0 to 3.15.0. | ||||
| CVE-2026-13241 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0. | ||||
| CVE-2026-13240 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0. | ||||
| CVE-2026-13239 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0. | ||||
| CVE-2026-13238 | 2026-07-10 | N/A | ||
| Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2. | ||||
| CVE-2026-13237 | 2026-07-10 | N/A | ||
| Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1. | ||||
| CVE-2026-13236 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1. | ||||
| CVE-2026-13235 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3. | ||||
| CVE-2026-13234 | 2026-07-10 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS). This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3. | ||||
| CVE-2026-13233 | 2026-07-10 | N/A | ||
| Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Request Forgery. This issue affects OpenAI Provider versions: from 0.0.0 to 1.1.1, from 1.2.0 to 1.2.2. | ||||
| CVE-2026-13232 | 2026-07-10 | N/A | ||
| Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Forceful Browsing. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0. | ||||
| CVE-2026-13231 | 2026-07-10 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) allows Stored XSS. This issue affects Advanced Content Feedback (aka admin_feedback) versions: from 0.0.0 to 2.8.0. | ||||
| CVE-2026-55810 | 2026-07-10 | N/A | ||
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2. | ||||
| CVE-2026-55809 | 2026-07-10 | N/A | ||
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2. | ||||
| CVE-2026-12535 | 2026-07-10 | N/A | ||
| Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0. | ||||
| CVE-2026-11909 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6. | ||||
| CVE-2026-52747 | 2026-07-10 | 8.6 High | ||
| ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS_POST because src/request_body_processor/multipart.cc overwrites reserved bytes in m_reserve instead of appending the current buffer. This creates a parser differential between ModSecurity and backend applications that preserve line breaks in form fields, allowing rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax depends on a line break. This issue is fixed in version 3.0.16. | ||||
| CVE-2026-10769 | 2026-07-10 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6. | ||||
| CVE-2026-10768 | 2026-07-10 | N/A | ||
| Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0. | ||||
| CVE-2026-52761 | 2026-07-10 | 5.8 Medium | ||
| ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 through 3.0.15, the t:utf8toUnicode transformation in src/actions/transformations/utf8_to_unicode.cc produces wrong output on i386 architecture because snprintf uses sizeof on a char pointer rather than the length of the unicode buffer, allowing rules that use this transformation to be bypassed on i386 architecture. This issue is fixed in version 3.0.16. | ||||