Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities
CVE-2026-3218
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2.
CVSS Score
4.8
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3211
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3212
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Tagify allows Cross-Site Scripting (XSS).This issue affects Tagify: from 0.0.0 before 1.2.49.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3213
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0.
CVSS Score
4.7
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3214
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CAPTCHA allows Functionality Bypass.This issue affects CAPTCHA: from 0.0.0 before 1.17.0, from 2.0.0 before 2.0.10.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3215
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS).This issue affects Islandora: from 0.0.0 before 2.17.5.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3216
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1.
CVSS Score
5.0
EPSS Score
0.0
Published
2026-03-25
CVE-2026-3217
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-25
CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization
CVSS Score
9.8
EPSS Score
0.004
Published
2026-03-25
CVE-2026-26833
thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-03-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved