Vulnerabilities in Drupal
309 resultsCVE-2025-48009LOWSingle Content Sync - Moderately critical - Access bypass - SA-CONTRIB-2025-060EPSS 0.2%CVE-2025-6674MEDIUMCKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081EPSS 0.2%CVE-2026-3218MEDIUMResponsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019EPSS 0.2%CVE-2025-9549MEDIUMFacets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099EPSS 0.2%CVE-2025-10931LOWUmami Analytics - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-109EPSS 0.2%CVE-2025-10926MEDIUMJSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106EPSS 0.2%CVE-2025-48922MEDIUMGLightbox - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-078EPSS 0.2%CVE-2025-48919MEDIUMSimple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073EPSS 0.2%CVE-2025-48917MEDIUMEU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072EPSS 0.2%CVE-2024-13248MEDIUMPrivate content - Moderately critical - Access bypass - SA-CONTRIB-2024-012EPSS 0.2%CVE-2025-12760MEDIUMEmail TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115EPSS 0.2%CVE-2026-8493MEDIUMColorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036EPSS 0.2%CVE-2025-9550MEDIUMFacets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100EPSS 0.2%CVE-2025-10927MEDIUMPlausible tracking - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-107EPSS 0.2%CVE-2026-3215MEDIUMIslandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016EPSS 0.2%CVE-2025-14556MEDIUMXSS in Drupal 7 Flag ModuleEPSS 0.2%CVE-2025-31688MEDIUMConfiguration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017EPSS 0.2%CVE-2026-4093MEDIUMStored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)EPSS 0.2%CVE-2025-47708HIGHEnterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054EPSS 0.2%CVE-2026-3213MEDIUMAnti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014EPSS 0.2%