
Drupal Core SQL injection flaw actively exploited less than 48 hours after patch. 15,000 attack attempts already recorded across 6,000 sites


BleepingComputer: Drupal: Critical SQL injection flaw now targeted in attacks

Drupal Term Reference Tree: Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)

Risk 32 | Severity 5.1

Keys to the Kingdom: Anonymous SQL Injection in Drupal Core (CVE-2026-9082)


Drupal Drupal Core: Drupal Core SQL Injection Vulnerability

Risk 82 | Severity 9.8 | EPSS 12.57%

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Drupal Drupal: SQL Injection

Risk 46 | Severity 9

Drupal Date iCal: Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

Risk 61 | Severity 9.8 | EPSS 0.04%

Drupal Node View Permissions: Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Risk 15 | Severity 3.7 | EPSS 0.03%

Drupal Drupal Core: Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Risk 38 | Severity 6.1

Drupal Drupal: Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002

Risk 61 | Severity 6.6

Drupal Drupal: Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Risk 38 | Severity 6.1

Drupal Drupal: Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5.…

Risk 42 | Severity 9

Drupal Drupal: XSS

Risk 42 | Severity 9

Drupal Drupal: SQL Injection

Risk 42 | Severity 9

Drupal File (Field) Paths: Information disclosure via file URI overwrite in File (Field) Paths

Risk 33 | Severity 6.9

Drupal Unpublished Node Permissions: Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Risk 31 | Severity 7.5 | EPSS 0.04%

Drupal OpenID Connect / OAuth client: OpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025

Risk 16 | Severity 4.3 | EPSS 0.03%

Drupal Calculation Fields: Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023

Risk 27 | Severity 6.1 | EPSS 0.03%

Drupal SAML SSO - Service Provider: SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018

Risk 38 | Severity 6.1

Drupal Drupal Canvas: Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017

Risk 26 | Severity 5

Jtenman Central Authentication System Server Drupal: Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007

Risk 29 | Severity 4.2

Bordeaux-metropole At Internet Piano Analytics Drupal: AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004

Risk 29 | Severity 4.8

Drupal Role Delegation: Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002

Risk 79 | Severity 8.8

Bmeme Http Client Manager Drupal: HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126

Risk 43 | Severity 7.5

Drupal Entity Share: Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123

Risk 27 | Severity 5.3

Drupal Mini site: Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

Risk 34 | Severity 5.4

Drupal Drupal Commerce Paybox: Payment bypass in Commerce Paybox

Risk 47 | Severity 8.7

Drupal Flag: XSS in Drupal 7 Flag Module

Risk 34 | Severity 5.4

Drupal Drupal 11.3: End of life details

EOL: Dec 16, 2026 | Support Ends: Jun 16, 2026

Drupal Drupal 10.6: End of life details

EOL: Dec 16, 2026 | Support Ends: Jun 16, 2026
