NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-15089 | vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | 該当なし | 0.24% | 2026-07-10 | 2026-07-10 |
| CVE-2026-15087 | vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. | 該当なし | 0.24% | 2026-07-10 | 2026-07-10 |
| CVE-2026-15086 | vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*. | 該当なし | 0.24% | 2026-07-10 | 2026-07-10 |
| CVE-2026-11915 | vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*. | 該当なし | 0.15% | 2026-07-10 | 2026-07-10 |
| CVE-2026-11914 | vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. | 該当なし | 0.15% | 2026-07-10 | 2026-07-10 |
| CVE-2026-11913 | vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. | 該当なし | 0.15% | 2026-07-10 | 2026-07-10 |
| CVE-2026-58591 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0. | 該当なし | 0.20% | 2026-07-10 | 2026-07-10 |
| CVE-2026-58590 | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | 該当なし | 0.18% | 2026-07-10 | 2026-07-10 |
| CVE-2026-58589 | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | 該当なし | 0.18% | 2026-07-10 | 2026-07-10 |
| CVE-2026-58588 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. | 該当なし | 0.20% | 2026-07-10 | 2026-07-10 |
| CVE-2026-58587 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. | 該当なし | 0.20% | 2026-07-10 | 2026-07-10 |
| CVE-2026-55810 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2. | 該当なし | 0.16% | 2026-07-10 | 2026-07-10 |
| CVE-2026-55809 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2. | 該当なし | 0.17% | 2026-07-10 | 2026-07-10 |
| CVE-2026-55808 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 該当なし | 0.15% | 2026-07-10 | 2026-07-10 |
| CVE-2026-55807 | Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 該当なし | 0.13% | 2026-07-10 | 2026-07-10 |
| CVE-2026-55806 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 該当なし | 0.13% | 2026-07-10 | 2026-07-10 |
| CVE-2026-55804 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 該当なし | 0.16% | 2026-07-10 | 2026-07-10 |
| CVE-2026-55803 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 該当なし | 0.16% | 2026-07-10 | 2026-07-10 |
| CVE-2026-15085 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3. | 該当なし | 0.25% | 2026-07-10 | 2026-07-10 |
| CVE-2026-15084 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17. | 該当なし | 0.25% | 2026-07-10 | 2026-07-10 |