CVE-2026-6816
An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects TFA Basic Plugins: from 7.x-1.0 through 7.x-1.2.
These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A privilege escalation vulnerability exists in the Drupal SAML SSO - Service Provider module. The flaw stems from an improper check for unusual or exceptional conditions (CWE-754), allowing attackers to escalate privileges. Affected versions span from 0.0.0 through 3.1.3; version 3.1.4 contains the fix. The vulnerability was disclosed via official Drupal security advisory SA-CONTRIB-2026-031 on 2026-05-28 [truncated]
CVE-2026-9082 is a SQL injection issue in Drupal core recorded by NVD on 2026-05-20. The NVD entry rates it CVSS 6.5 (Medium) and lists network access, no privileges, no user interaction, and low attack complexity. Drupal’s referenced advisory identifies affected core release lines and fixed versions, so administrators should treat this as a patch-priority issue for exposed Drupal installations.
CVE-2026-4929 is a medium-severity cross-site scripting issue in Simple Hierarchical Select (SHS) for Drupal 7. The problem comes from improper output escaping of term-derived text, which can be rendered unsafely in affected output paths. The confirmed impacted code paths in the source corpus are the field formatter output path (shs_field_formatter_view) and the term-tree child-term data generation path ( [truncated]
CVE-2026-4093 is a stored cross-site scripting issue in the Drupal 7 Term Reference Tree module. The NVD record was published and last modified on 2026-05-21. Two rendering-path vectors are described: one when Token module display templates render attacker-controlled token output without proper sanitization, and another when taxonomy term labels are rendered unsanitized in the widget. The issue affects 7. [truncated]
CVE-2026-8495 is a critical missing-authorization issue in Drupal Date iCal that can allow forceful browsing of content or endpoints that should not be accessible without proper authorization. The advisory states that Date iCal versions from 0.0.0 before 4.0.15 are affected. Because the CVSS vector is network-reachable and requires no privileges or user interaction, affected deployments should treat this [truncated]
CVE-2026-8492 is a low-severity Modification of Assumed-Immutable Data (MAID) issue affecting Translate Drupal with GTranslate versions before 3.0.5. According to the published description, the flaw can lead to Resource Location Spoofing, which may cause users or systems to trust a misleading resource location. The NVD entry is still marked "Undergoing Analysis," so defensive teams should treat the curren [truncated]
CVE-2026-8491 is a low-severity issue in Drupal Node View Permissions that can allow forceful browsing due to an improper check for unusual or exceptional conditions. The affected ranges are from 0.0.0 before 1.7.0 and from 2.0.0 before 2.0.1. The supplied NVD record lists the vulnerability as undergoing analysis and points to the Drupal advisory as the primary reference.
CVE-2026-6871 is a cross-site scripting (XSS) issue in Drupal Obfuscate affecting versions from 0.0.0 before 2.0.2. The NVD record maps it to CWE-79 and rates it Medium, with a network-reachable attack path that requires user interaction. For organizations using the module, the main risk is client-side script execution in a trusted web context, which can affect confidentiality and integrity.
CVE-2026-6367 is a cross-site scripting (XSS) vulnerability in Drupal core affecting versions from 11.3.0 before 11.3.7. The NVD record assigns a CVSS 3.1 score of 6.1 (Medium) and lists CWE-79. Because the vector includes a network attack surface and requires user interaction, administrators should prioritize upgrading affected Drupal installations to 11.3.7 or later.
CVE-2026-6365 is a Drupal core cross-site scripting (XSS) vulnerability (CWE-79) disclosed in the official NVD record and linked vendor advisory. NVD rates it CVSS 6.1/Medium, with network attack vector, low complexity, no privileges required, and user interaction required. Affected Drupal core versions include 8.0.0 before 10.5.9, 10.6.0 before 10.6.7, 11.0.0 before 11.2.11, and 11.3.0 before 11.3.7.
CVE-2022-50957 is a reflected cross-site scripting (XSS) vulnerability associated with Drupal’s avatar_uploader 7.x-1.0-beta8. According to the NVD record and the referenced VulnCheck disclosure, an unauthenticated attacker can manipulate the file parameter in avatar_uploader.pages.inc to inject script content that executes in a victim’s browser. The issue is rated medium severity (CVSS 5.1) and is user-i [truncated]
CVE-2018-7602 is a Drupal Core remote code execution vulnerability that CISA has added to its Known Exploited Vulnerabilities catalog. Because CISA also marks it as having known ransomware campaign use, it should be treated as a high-priority remediation item for any environment running Drupal Core. The supplied official sources direct defenders to apply vendor updates and verify remediation across all af [truncated]
CVE-2019-6340 affects Drupal Core and is identified by CISA as a Known Exploited Vulnerability (KEV). That means defenders should treat it as actively exploited and prioritize remediation on any exposed Drupal Core deployment. The supplied sources do not provide deeper technical detail, so the safest response is rapid patching, exposure reduction, and validation of affected systems.
CVE-2020-13671 is a Drupal core vulnerability described as an unrestricted file upload issue. It was added to CISA’s Known Exploited Vulnerabilities catalog on 2022-01-18, which means defenders should treat it as a priority remediation item. The supplied CISA record directs organizations to apply updates per vendor instructions.
CISA added CVE-2018-7600 to the Known Exploited Vulnerabilities catalog on 2021-11-03 and listed remediation as due by 2022-05-03. The supplied sources identify it as a Drupal Core remote code execution vulnerability, and CISA also marks it as having known ransomware campaign use. For any environment running Drupal Core, this should be treated as an urgent patching and exposure-review item.