Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-3214
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3215
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS).This issue affects Islandora: from 0.0.0 before 2.17.5.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3216
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3217
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-25
CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization
CVSS Score
9.8
EPSS Score
0.004
Published
2026-03-25
CVE-2026-26833
thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-03-25
CVE-2026-2348
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS).This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-25
CVE-2026-2349
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS).This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3210
Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-25
CVE-2026-24750
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch.
CVSS Score
7.6
EPSS Score
0.0
Published
2026-03-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved