Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2026-5343 | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4. | 7.4 | 0.26% | 2026-05-28 | 2026-06-17 |
| CVE-2026-9082 KEV | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10. | 9.8 | 84.63% | 2026-05-20 | 2026-06-17 |
| CVE-2026-8495 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15. | 9.8 | 0.37% | 2026-05-19 | 2026-06-17 |
| CVE-2026-4933 | Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0. | 7.5 | 0.23% | 2026-03-26 | 2026-06-17 |
| CVE-2026-3573 | Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12. | 7.5 | 0.23% | 2026-03-26 | 2026-06-17 |
| CVE-2026-0945 | Privilege Defined With Unsafe Actions vulnerability in Drupal Role Delegation allows Privilege Escalation.This issue affects Role Delegation: from 1.3.0 before 1.5.0. | 8.8 | 0.22% | 2026-02-04 | 2026-06-17 |
| CVE-2025-14840 | Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1. | 7.5 | 0.26% | 2026-01-28 | 2026-06-17 |
| CVE-2025-14472 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3. | 8.1 | 0.13% | 2026-01-28 | 2026-06-17 |
| CVE-2025-13982 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3. | 8.1 | 0.14% | 2026-01-28 | 2026-06-17 |
| CVE-2026-0750 | Improper Verification of Cryptographic Signature vulnerability in Drupal Drupal Commerce Paybox Commerce Paybox on Drupal 7.X allows Authentication Bypass.This issue affects Drupal Commerce Paybox: from 7-x-1.0 through 7.X-1.5. | 8.7 | 0.29% | 2026-01-28 | 2026-06-17 |
| CVE-2025-12848 | Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code (e.g., "<img src=1 onerror=alert(document.domain)>") to a Webform node with a Multifile field where file type validation is disabled. This allows the execution of arbitrary scripts in the context of the victim's browser. The issue is pr | 7.0 | 0.29% | 2025-11-25 | 2026-06-17 |
| CVE-2025-9954 | Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing.This issue affects Acquia DAM: from 0.0.0 before 1.1.5. | 7.5 | 0.25% | 2025-10-29 | 2026-06-17 |
| CVE-2025-12466 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass.This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7. | 7.5 | 0.31% | 2025-10-29 | 2026-06-17 |
| CVE-2025-12082 | Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0. | 7.5 | 0.25% | 2025-10-29 | 2026-06-17 |
| CVE-2025-8093 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8. | 8.8 | 0.33% | 2025-10-10 | 2026-06-17 |
| CVE-2025-8995 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4. | 9.8 | 0.49% | 2025-08-15 | 2026-06-17 |
| CVE-2025-8675 | Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6. | 8.8 | 0.15% | 2025-08-15 | 2026-06-17 |
| CVE-2025-8361 | Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0. | 7.6 | 0.25% | 2025-08-15 | 2026-06-17 |
| CVE-2025-8092 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16. | 7.6 | 0.27% | 2025-08-15 | 2026-06-17 |
| CVE-2025-7717 | Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1. | 7.5 | 0.35% | 2025-07-21 | 2026-06-17 |