Feed live

The CMS vulnerability ledger.

Every published CVE that touches a CMS, plugin, theme, or page builder — indexed, scored, and cross-referenced against the components running on your sites.

Total CVEs tracked

335,499

All time

Critical · Active

10,538

CVSS ≥ 9.0

New · 14 days

707

Newly disclosed

Feed last synced

4 hrs ago

Data freshness

Showing 1–30 CVEs

Sorted by Published · Newest first

CVE ID	Severity	CVSS	Title	Published
CVE-2026-4093	medium	5.1/10	Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)	May 21, 2026 1mo ago
CVE-2026-4929	medium	5.1/10	Simple Hierarchical Select (Drupal 7) XSS in term-derived output	May 21, 2026 1mo ago
CVE-2026-9082	critical	9.8/10	Drupal core - Highly critical - SQL injection - SA-CORE-2026-004	May 20, 2026 1mo ago
CVE-2026-8492	—	—	Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035	May 19, 2026 1mo ago
CVE-2026-6367	—	—	Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003	May 19, 2026 1mo ago
CVE-2026-6366	—	—	Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002	May 19, 2026 1mo ago
CVE-2026-6365	—	—	Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001	May 19, 2026 1mo ago
CVE-2022-50957	medium	5.1/10	Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS	May 10, 2026 1mo ago
CVE-2026-0748	medium	5.3/10	Access bypass in Drupal 7 i18n_node translation UI	Mar 26, 2026 3mo ago
CVE-2026-3216	—	—	Drupal Canvas - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-017	Mar 25, 2026 3mo ago
CVE-2026-1553	—	—	Drupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006	Feb 4, 2026 4mo ago
CVE-2026-0749	medium	4.8/10	Cross-Site Scripting Vulnerability in Drupal Form Builder Module	Jan 28, 2026 4mo ago
CVE-2025-14557	medium	4.8/10	XSS in Drupal 7 Facebook Pixel Module	Jan 14, 2026 5mo ago
CVE-2025-14556	medium	4.8/10	XSS in Drupal 7 Flag Module	Jan 14, 2026 5mo ago
CVE-2025-13083	—	—	Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008	Nov 18, 2025 7mo ago
CVE-2025-13082	—	—	Drupal core - Moderately critical - Defacement - SA-CORE-2025-007	Nov 18, 2025 7mo ago
CVE-2025-13081	—	—	Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006	Nov 18, 2025 7mo ago
CVE-2025-13080	—	—	Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005	Nov 18, 2025 7mo ago
CVE-2025-7716	—	—	Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091	Jul 21, 2025 11mo ago
CVE-2025-48294	medium	4.4/10	WordPress FG Drupal to WordPress plugin <= 3.90.0 - Server Side Request Forgery (SSRF) Vulnerability	Jul 16, 2025 11mo ago
CVE-2025-6675	—	—	Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082	Jun 26, 2025 1y ago
CVE-2025-47710	—	—	Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056	May 14, 2025 1y ago
CVE-2025-47709	—	—	Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-055	May 14, 2025 1y ago
CVE-2025-47708	—	—	Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054	May 14, 2025 1y ago
CVE-2025-47707	—	—	Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-053	May 14, 2025 1y ago
CVE-2025-47706	—	—	Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052	May 14, 2025 1y ago
CVE-2025-3739	—	—	Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040	Apr 16, 2025 1y ago
CVE-2025-3062	—	—	Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010	Mar 31, 2025 1y ago
CVE-2025-31675	—	—	Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004	Mar 31, 2025 1y ago
CVE-2025-31674	—	—	Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003	Mar 31, 2025 1y ago