CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 364 results
«« First « Prev Page 1 / 19 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-15089 vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. 9.1 0.51% 2026-07-10 2026-07-13
CVE-2026-15087 vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. 5.9 0.39% 2026-07-10 2026-07-13
CVE-2026-15086 vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*. 5.9 0.41% 2026-07-10 2026-07-13
CVE-2026-11915 vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*. 5.9 0.15% 2026-07-10 2026-07-13
CVE-2026-11914 vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. 5.9 0.15% 2026-07-10 2026-07-13
CVE-2026-11913 vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. 9.8 0.32% 2026-07-10 2026-07-13
CVE-2026-58591 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0. 5.4 0.20% 2026-07-10 2026-07-14
CVE-2026-58590 Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. 5.4 0.18% 2026-07-10 2026-07-14
CVE-2026-58589 Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. 5.4 0.18% 2026-07-10 2026-07-14
CVE-2026-58588 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. 6.1 0.25% 2026-07-10 2026-07-13
CVE-2026-58587 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. 6.1 0.25% 2026-07-10 2026-07-13
CVE-2026-55810 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2. 8.1 0.16% 2026-07-10 2026-07-14
CVE-2026-55809 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2. 8.1 0.30% 2026-07-10 2026-07-14
CVE-2026-55808 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. 5.4 0.13% 2026-07-10 2026-07-16
CVE-2026-55807 Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. 3.1 0.13% 2026-07-10 2026-07-16
CVE-2026-55806 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. 5.9 0.21% 2026-07-10 2026-07-16
CVE-2026-55804 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. 5.9 0.16% 2026-07-10 2026-07-16
CVE-2026-55803 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. 5.9 0.16% 2026-07-10 2026-07-16
CVE-2026-15085 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3. 5.4 0.25% 2026-07-10 2026-07-13
CVE-2026-15084 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17. 5.4 0.25% 2026-07-10 2026-07-13
«« First « Prev Page 1 / 19 Next »
cvelogic Threat Intelligence