Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2025-61730
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-01-28
CVE-2025-13986
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3.
CVSS Score
4.2
EPSS Score
0.0
Published
2026-01-28
CVE-2025-14472
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-01-28
CVE-2025-14840
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-28
CVE-2025-13979
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-28
CVE-2025-13980
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.
CVSS Score
5.3
EPSS Score
0.001
Published
2026-01-28
CVE-2025-13981
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.
CVSS Score
4.4
EPSS Score
0.0
Published
2026-01-28
CVE-2025-13982
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-01-28
CVE-2025-13983
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.44.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-28
CVE-2025-13984
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-01-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved