Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-13078
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3218
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3211
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3212
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.49.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3213
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.
CVSS Score
4.7
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3214
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3215
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS).This issue affects Islandora: from 0.0.0 before 2.17.5.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3216
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3217
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-25
CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization
CVSS Score
9.8
EPSS Score
0.004
Published
2026-03-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved