Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-15089 | vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. | 9.1 | 0.51% | 2026-07-10 | 2026-07-13 |
| CVE-2026-15087 | vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*. | 5.9 | 0.39% | 2026-07-10 | 2026-07-13 |
| CVE-2026-15086 | vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Formatter [Meta Tag Formatter] versions: *.*. | 5.9 | 0.41% | 2026-07-10 | 2026-07-13 |
| CVE-2026-11915 | vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions: *.*. | 5.9 | 0.15% | 2026-07-10 | 2026-07-13 |
| CVE-2026-11914 | vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*. | 5.9 | 0.15% | 2026-07-10 | 2026-07-13 |
| CVE-2026-11913 | vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*. | 9.8 | 0.32% | 2026-07-10 | 2026-07-13 |
| CVE-2026-58591 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS). This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0. | 5.4 | 0.20% | 2026-07-10 | 2026-07-14 |
| CVE-2026-58590 | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | 5.4 | 0.18% | 2026-07-10 | 2026-07-14 |
| CVE-2026-58589 | Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0. | 5.4 | 0.18% | 2026-07-10 | 2026-07-14 |
| CVE-2026-58588 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. | 6.1 | 0.25% | 2026-07-10 | 2026-07-13 |
| CVE-2026-58587 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting (XSS). This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1. | 6.1 | 0.25% | 2026-07-10 | 2026-07-13 |
| CVE-2026-55810 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2. | 8.1 | 0.16% | 2026-07-10 | 2026-07-14 |
| CVE-2026-55809 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2. | 8.1 | 0.30% | 2026-07-10 | 2026-07-14 |
| CVE-2026-55808 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 5.4 | 0.13% | 2026-07-10 | 2026-07-16 |
| CVE-2026-55807 | Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 3.1 | 0.13% | 2026-07-10 | 2026-07-16 |
| CVE-2026-55806 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 5.9 | 0.21% | 2026-07-10 | 2026-07-16 |
| CVE-2026-55804 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 5.9 | 0.16% | 2026-07-10 | 2026-07-16 |
| CVE-2026-55803 | Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.*, from 0.0.0 to 11.1.*. | 5.9 | 0.16% | 2026-07-10 | 2026-07-16 |
| CVE-2026-15085 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3. | 5.4 | 0.25% | 2026-07-10 | 2026-07-13 |
| CVE-2026-15084 | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Patterns (SDC in Drupal UI) allows Stored XSS. This issue affects UI Patterns (SDC in Drupal UI) versions: from 2.0.0 to 2.0.17. | 5.4 | 0.25% | 2026-07-10 | 2026-07-13 |