NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-9726 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce (Basket) allows Object Injection. This issue affects Drupal AlternativeCommerce (Basket) versions: from 0.0.0 to 2.1.17. | 9.8 | 0.31% | 2026-07-10 | 2026-07-14 |
| CVE-2026-9082 KEV | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10. | 9.8 | 84.63% | 2026-05-20 | 2026-06-17 |
| CVE-2026-8495 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15. | 9.8 | 0.37% | 2026-05-19 | 2026-06-17 |
| CVE-2026-8493 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1. | 5.4 | 0.18% | 2026-05-19 | 2026-06-17 |
| CVE-2026-8492 | Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5. | 2.7 | 0.24% | 2026-05-19 | 2026-06-17 |
| CVE-2026-8491 | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1. | 3.7 | 0.21% | 2026-05-19 | 2026-06-17 |
| CVE-2026-6871 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Obfuscate allows Cross-Site Scripting (XSS). This issue affects Obfuscate: from 0.0.0 before 2.0.2. | 6.1 | 0.20% | 2026-05-19 | 2026-06-17 |
| CVE-2026-6816 | An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2. | 5.1 | 0.29% | 2026-05-28 | 2026-06-17 |
| CVE-2026-6367 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.0 before 11.3.7. | 6.1 | 0.20% | 2026-05-19 | 2026-06-17 |
| CVE-2026-6366 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7. | 6.6 | 0.40% | 2026-05-19 | 2026-06-17 |
| CVE-2026-6365 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7. | 6.1 | 0.24% | 2026-05-19 | 2026-06-17 |
| CVE-2026-6095 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS). This issue affects Orejime: from 0.0.0 before 2.0.16. | 6.1 | 0.20% | 2026-05-19 | 2026-06-17 |
| CVE-2026-58591 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0. | 5.4 | 0.20% | 2026-07-10 | 2026-07-14 |
| CVE-2026-58590 | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | 5.4 | 0.18% | 2026-07-10 | 2026-07-14 |
| CVE-2026-58589 | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | 5.4 | 0.18% | 2026-07-10 | 2026-07-14 |
| CVE-2026-58588 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. | 6.1 | 0.25% | 2026-07-10 | 2026-07-13 |
| CVE-2026-58587 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. | 6.1 | 0.25% | 2026-07-10 | 2026-07-13 |
| CVE-2026-55810 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2. | 8.1 | 0.16% | 2026-07-10 | 2026-07-14 |
| CVE-2026-55809 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2. | 8.1 | 0.30% | 2026-07-10 | 2026-07-14 |
| CVE-2026-55808 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 5.4 | 0.13% | 2026-07-10 | 2026-07-16 |