Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    20 vulnerabilities found for artificial_intelligence by artificial_intelligence_project

    CVE-2026-13237 (GCVE-0-2026-13237)

    Vulnerability from nvd – Published: 2026-07-10 21:44 – Updated: 2026-07-13 17:59
    VLAI
    Title
    AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
    Summary
    Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI Agents Affected: 0.0.0 , < 1.1.4 (semver)
    Affected: 1.2.0 , < 1.2.5 (semver)
    Affected: 1.3.0 , < 1.3.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-24 18:39
    Credits
    Andrew Belcher (andrewbelcher) Rob Edwards (rob_e) Andrew Belcher (andrewbelcher) Marcus Johansson (marcus_johansson) Rob Edwards (rob_e) Bram Driesen (bramdriesen) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13237",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T17:56:55.672795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T17:59:44.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai_agents",
              "product": "AI Agents",
              "repo": "https://git.drupalcode.org/project/ai_agents",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.1.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.5",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrew Belcher (andrewbelcher)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Rob Edwards (rob_e)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andrew Belcher (andrewbelcher)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Rob Edwards (rob_e)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec (poker10)"
            }
          ],
          "datePublic": "2026-06-24T18:39:24.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T21:44:43.053Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-057"
            }
          ],
          "title": "AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-13237",
        "datePublished": "2026-07-10T21:44:43.053Z",
        "dateReserved": "2026-06-24T18:00:10.666Z",
        "dateUpdated": "2026-07-13T17:59:44.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13236 (GCVE-0-2026-13236)

    Vulnerability from nvd – Published: 2026-07-10 21:44 – Updated: 2026-07-13 18:05
    VLAI
    Title
    AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056
    Summary
    Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI Agents Affected: 0.0.0 , < 1.1.4 (semver)
    Affected: 1.2.0 , < 1.2.5 (semver)
    Affected: 1.3.0 , < 1.3.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-24 18:38
    Credits
    Kuniyoshi Noguchi (kuninogu) Artem Dmitriiev (a.dmitriiev) AKHIL BABU (akhil babu) harivansh sharma (harivansh) Kuniyoshi Noguchi (kuninogu) Marcus Johansson (marcus_johansson) Bram Driesen (bramdriesen)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.2,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13236",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:04:57.983393Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:05:21.307Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai_agents",
              "product": "AI Agents",
              "repo": "https://git.drupalcode.org/project/ai_agents",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.1.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.5",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kuniyoshi Noguchi (kuninogu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Artem Dmitriiev (a.dmitriiev)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "AKHIL BABU (akhil babu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "harivansh sharma (harivansh)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Kuniyoshi Noguchi (kuninogu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            }
          ],
          "datePublic": "2026-06-24T18:38:33.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T21:44:42.158Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-056"
            }
          ],
          "title": "AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-13236",
        "datePublished": "2026-07-10T21:44:42.158Z",
        "dateReserved": "2026-06-24T18:00:09.667Z",
        "dateUpdated": "2026-07-13T18:05:21.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13235 (GCVE-0-2026-13235)

    Vulnerability from nvd – Published: 2026-07-10 21:44 – Updated: 2026-07-13 18:06
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055
    Summary
    Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.2.17 (semver)
    Affected: 1.3.0 , < 1.3.8 (semver)
    Affected: 1.4.0 , < 1.4.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-24 18:37
    Credits
    AKHIL BABU (akhil babu) Kuniyoshi Noguchi (kuninogu) Artem Dmitriiev (a.dmitriiev) Marcus Johansson (marcus_johansson) Dezső Biczó (mxr576) Valery Lourie (valthebald) Bram Driesen (bramdriesen) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:06:25.605894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:06:50.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.2.17",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.8",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "AKHIL BABU (akhil babu)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Kuniyoshi Noguchi (kuninogu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Artem Dmitriiev (a.dmitriiev)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Dezs\u00c5\u0091 Bicz\u00c3\u00b3 (mxr576)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Valery Lourie (valthebald)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec (poker10)"
            }
          ],
          "datePublic": "2026-06-24T18:37:45.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T21:44:41.284Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-055"
            }
          ],
          "title": "AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-13235",
        "datePublished": "2026-07-10T21:44:41.284Z",
        "dateReserved": "2026-06-24T18:00:08.720Z",
        "dateUpdated": "2026-07-13T18:06:50.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3573 (GCVE-0-2026-3573)

    Vulnerability from nvd – Published: 2026-03-26 20:10 – Updated: 2026-03-30 14:54
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028
    Summary
    Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.1.11 (semver)
    Affected: 1.2.0 , < 1.2.12 (semver)
    Create a notification for this product.
    Date Public
    2026-03-11 16:33
    Credits
    Marcus Johansson (marcus_johansson) Artem Dmitriiev (a.dmitriiev) Abhisek Mazumdar (abhisekmazumdar) Dave Long (longwave) Marcus Johansson (marcus_johansson) Valery Lourie (valthebald) Greg Knaddison (greggles) Drew Webber (mcdruid) Jess (xjm)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T14:40:38.581589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T14:54:43.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.1.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.12",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Artem Dmitriiev (a.dmitriiev)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Abhisek Mazumdar (abhisekmazumdar)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Dave Long (longwave)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Valery Lourie (valthebald)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Jess  (xjm)"
            }
          ],
          "datePublic": "2026-03-11T16:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-240",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-240 Resource Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T20:10:13.350Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-028"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-3573",
        "datePublished": "2026-03-26T20:10:13.350Z",
        "dateReserved": "2026-03-04T21:17:43.868Z",
        "dateUpdated": "2026-03-30T14:54:43.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13981 (GCVE-0-2025-13981)

    Vulnerability from nvd – Published: 2026-01-28 20:01 – Updated: 2026-01-29 17:12
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119
    Summary
    Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.7 (semver)
    Affected: 1.1.0 , < 1.1.7 (semver)
    Affected: 1.2.0 , < 1.2.4 (semver)
    Create a notification for this product.
    Date Public
    2025-12-03 18:48
    Credits
    Drew Webber (mcdruid) Marcus Johansson (marcus_johansson) Bram Driesen (bramdriesen) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10) Jess (xjm)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T17:12:42.119742Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T17:12:45.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.7",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.4",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec (poker10)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Jess  (xjm)"
            }
          ],
          "datePublic": "2025-12-03T18:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T20:01:32.915Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-119"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-13981",
        "datePublished": "2026-01-28T20:01:32.915Z",
        "dateReserved": "2025-12-03T17:04:21.182Z",
        "dateUpdated": "2026-01-29T17:12:45.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31693 (GCVE-0-2025-31693)

    Vulnerability from nvd – Published: 2025-03-31 21:51 – Updated: 2025-04-03 17:24
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.5 (semver)
    Create a notification for this product.
    Date Public
    2025-03-05 17:27
    Credits
    Drew Webber (mcdruid) Marcus Johansson (marcus_johansson) Drew Webber (mcdruid) Drew Webber (mcdruid)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31693",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T17:23:57.837085Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T17:24:33.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            }
          ],
          "datePublic": "2025-03-05T17:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:51:17.459Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-022"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31693",
        "datePublished": "2025-03-31T21:51:17.459Z",
        "dateReserved": "2025-03-31T21:30:25.064Z",
        "dateUpdated": "2025-04-03T17:24:33.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31692 (GCVE-0-2025-31692)

    Vulnerability from nvd – Published: 2025-03-31 21:50 – Updated: 2025-04-03 17:23
    VLAI
    Title
    AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.5 (semver)
    Create a notification for this product.
    Date Public
    2025-03-05 17:18
    Credits
    Drew Webber (mcdruid) Marcus Johansson (marcus_johansson) Drew Webber (mcdruid) Michal Gow (seogow) Drew Webber (mcdruid)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31692",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T17:21:48.256020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T17:23:24.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Michal Gow (seogow)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            }
          ],
          "datePublic": "2025-03-05T17:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:50:34.673Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-021"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31692",
        "datePublished": "2025-03-31T21:50:34.673Z",
        "dateReserved": "2025-03-31T21:30:15.360Z",
        "dateUpdated": "2025-04-03T17:23:24.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31678 (GCVE-0-2025-31678)

    Vulnerability from nvd – Published: 2025-03-31 21:38 – Updated: 2025-04-29 15:40
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004
    Summary
    Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.3 (semver)
    Create a notification for this product.
    Date Public
    2025-01-22 16:50
    Credits
    Mingsong Scott Euser Marcus Johansson Andrew Belcher Greg Knaddison Juraj Nemec Dave Long
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31678",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T15:40:32.282965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:40:38.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingsong"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Scott Euser"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andrew Belcher"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Dave Long"
            }
          ],
          "datePublic": "2025-01-22T16:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:38:07.302Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31678",
        "datePublished": "2025-03-31T21:38:07.302Z",
        "dateReserved": "2025-03-31T21:30:04.615Z",
        "dateUpdated": "2025-04-29T15:40:38.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31677 (GCVE-0-2025-31677)

    Vulnerability from nvd – Published: 2025-03-31 21:37 – Updated: 2025-04-29 15:42
    VLAI
    Title
    AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 1.0.0 , < 1.0.2 (semver)
    Create a notification for this product.
    Date Public
    2025-01-15 15:58
    Credits
    Marcus Johansson Marcus Johansson Michal Gow Kevin Quillen Andrew Belcher Greg Knaddison Drew Webber Juraj Nemec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31677",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T18:22:05.638481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:42:17.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.2",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcus Johansson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Michal Gow"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Kevin Quillen"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andrew Belcher"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            }
          ],
          "datePublic": "2025-01-15T15:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:37:27.837Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-003"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31677",
        "datePublished": "2025-03-31T21:37:27.837Z",
        "dateReserved": "2025-03-31T21:30:04.614Z",
        "dateUpdated": "2025-04-29T15:42:17.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9501 (GCVE-0-2015-9501)

    Vulnerability from nvd – Published: 2019-10-22 21:01 – Updated: 2024-08-06 08:51
    VLAI
    Summary
    The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:51:05.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/7994"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-22T21:01:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/7994"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9501",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/7994",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/7994"
                },
                {
                  "name": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9501",
        "datePublished": "2019-10-22T21:01:17.000Z",
        "dateReserved": "2019-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:51:05.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-13237 (GCVE-0-2026-13237)

    Vulnerability from cvelistv5 – Published: 2026-07-10 21:44 – Updated: 2026-07-13 17:59
    VLAI
    Title
    AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057
    Summary
    Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI Agents Affected: 0.0.0 , < 1.1.4 (semver)
    Affected: 1.2.0 , < 1.2.5 (semver)
    Affected: 1.3.0 , < 1.3.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-24 18:39
    Credits
    Andrew Belcher (andrewbelcher) Rob Edwards (rob_e) Andrew Belcher (andrewbelcher) Marcus Johansson (marcus_johansson) Rob Edwards (rob_e) Bram Driesen (bramdriesen) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13237",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T17:56:55.672795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T17:59:44.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai_agents",
              "product": "AI Agents",
              "repo": "https://git.drupalcode.org/project/ai_agents",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.1.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.5",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrew Belcher (andrewbelcher)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Rob Edwards (rob_e)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andrew Belcher (andrewbelcher)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Rob Edwards (rob_e)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec (poker10)"
            }
          ],
          "datePublic": "2026-06-24T18:39:24.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T21:44:43.053Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-057"
            }
          ],
          "title": "AI Agents - Moderately critical - Information disclosure, Access bypass - SA-CONTRIB-2026-057"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-13237",
        "datePublished": "2026-07-10T21:44:43.053Z",
        "dateReserved": "2026-06-24T18:00:10.666Z",
        "dateUpdated": "2026-07-13T17:59:44.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13236 (GCVE-0-2026-13236)

    Vulnerability from cvelistv5 – Published: 2026-07-10 21:44 – Updated: 2026-07-13 18:05
    VLAI
    Title
    AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056
    Summary
    Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI Agents Affected: 0.0.0 , < 1.1.4 (semver)
    Affected: 1.2.0 , < 1.2.5 (semver)
    Affected: 1.3.0 , < 1.3.1 (semver)
    Create a notification for this product.
    Date Public
    2026-06-24 18:38
    Credits
    Kuniyoshi Noguchi (kuninogu) Artem Dmitriiev (a.dmitriiev) AKHIL BABU (akhil babu) harivansh sharma (harivansh) Kuniyoshi Noguchi (kuninogu) Marcus Johansson (marcus_johansson) Bram Driesen (bramdriesen)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.2,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13236",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:04:57.983393Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:05:21.307Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai_agents",
              "product": "AI Agents",
              "repo": "https://git.drupalcode.org/project/ai_agents",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.1.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.5",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.1",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Kuniyoshi Noguchi (kuninogu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Artem Dmitriiev (a.dmitriiev)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "AKHIL BABU (akhil babu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "harivansh sharma (harivansh)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Kuniyoshi Noguchi (kuninogu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            }
          ],
          "datePublic": "2026-06-24T18:38:33.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T21:44:42.158Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-056"
            }
          ],
          "title": "AI Agents - Less critical - Access bypass - SA-CONTRIB-2026-056"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-13236",
        "datePublished": "2026-07-10T21:44:42.158Z",
        "dateReserved": "2026-06-24T18:00:09.667Z",
        "dateUpdated": "2026-07-13T18:05:21.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13235 (GCVE-0-2026-13235)

    Vulnerability from cvelistv5 – Published: 2026-07-10 21:44 – Updated: 2026-07-13 18:06
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055
    Summary
    Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.2.17 (semver)
    Affected: 1.3.0 , < 1.3.8 (semver)
    Affected: 1.4.0 , < 1.4.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-24 18:37
    Credits
    AKHIL BABU (akhil babu) Kuniyoshi Noguchi (kuninogu) Artem Dmitriiev (a.dmitriiev) Marcus Johansson (marcus_johansson) Dezső Biczó (mxr576) Valery Lourie (valthebald) Bram Driesen (bramdriesen) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 3.3,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13235",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:06:25.605894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:06:50.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.2.17",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.3.8",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.4.3",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "AKHIL BABU (akhil babu)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Kuniyoshi Noguchi (kuninogu)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Artem Dmitriiev (a.dmitriiev)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Dezs\u00c5\u0091 Bicz\u00c3\u00b3 (mxr576)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Valery Lourie (valthebald)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec (poker10)"
            }
          ],
          "datePublic": "2026-06-24T18:37:45.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing. This issue affects AI (Artificial Intelligence) versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-10T21:44:41.284Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-055"
            }
          ],
          "title": "AI (Artificial Intelligence) - Moderately critical - Access bypass - SA-CONTRIB-2026-055"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-13235",
        "datePublished": "2026-07-10T21:44:41.284Z",
        "dateReserved": "2026-06-24T18:00:08.720Z",
        "dateUpdated": "2026-07-13T18:06:50.932Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3573 (GCVE-0-2026-3573)

    Vulnerability from cvelistv5 – Published: 2026-03-26 20:10 – Updated: 2026-03-30 14:54
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028
    Summary
    Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.1.11 (semver)
    Affected: 1.2.0 , < 1.2.12 (semver)
    Create a notification for this product.
    Date Public
    2026-03-11 16:33
    Credits
    Marcus Johansson (marcus_johansson) Artem Dmitriiev (a.dmitriiev) Abhisek Mazumdar (abhisekmazumdar) Dave Long (longwave) Marcus Johansson (marcus_johansson) Valery Lourie (valthebald) Greg Knaddison (greggles) Drew Webber (mcdruid) Jess (xjm)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T14:40:38.581589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T14:54:43.980Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.1.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.12",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Artem Dmitriiev (a.dmitriiev)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Abhisek Mazumdar (abhisekmazumdar)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Dave Long (longwave)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Valery Lourie (valthebald)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Jess  (xjm)"
            }
          ],
          "datePublic": "2026-03-11T16:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12.\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Resource Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-240",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-240 Resource Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-26T20:10:13.350Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2026-028"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2026-3573",
        "datePublished": "2026-03-26T20:10:13.350Z",
        "dateReserved": "2026-03-04T21:17:43.868Z",
        "dateUpdated": "2026-03-30T14:54:43.980Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13981 (GCVE-0-2025-13981)

    Vulnerability from cvelistv5 – Published: 2026-01-28 20:01 – Updated: 2026-01-29 17:12
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119
    Summary
    Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.7 (semver)
    Affected: 1.1.0 , < 1.1.7 (semver)
    Affected: 1.2.0 , < 1.2.4 (semver)
    Create a notification for this product.
    Date Public
    2025-12-03 18:48
    Credits
    Drew Webber (mcdruid) Marcus Johansson (marcus_johansson) Bram Driesen (bramdriesen) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10) Jess (xjm)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13981",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T17:12:42.119742Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T17:12:45.481Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.7",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.1.7",
                  "status": "affected",
                  "version": "1.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "1.2.4",
                  "status": "affected",
                  "version": "1.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Bram Driesen (bramdriesen)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec (poker10)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Jess  (xjm)"
            }
          ],
          "datePublic": "2025-12-03T18:48:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\"Cross-site Scripting\")",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T20:01:32.915Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-119"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-13981",
        "datePublished": "2026-01-28T20:01:32.915Z",
        "dateReserved": "2025-12-03T17:04:21.182Z",
        "dateUpdated": "2026-01-29T17:12:45.481Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31693 (GCVE-0-2025-31693)

    Vulnerability from cvelistv5 – Published: 2025-03-31 21:51 – Updated: 2025-04-03 17:24
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.5 (semver)
    Create a notification for this product.
    Date Public
    2025-03-05 17:27
    Credits
    Drew Webber (mcdruid) Marcus Johansson (marcus_johansson) Drew Webber (mcdruid) Drew Webber (mcdruid)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31693",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T17:23:57.837085Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T17:24:33.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            }
          ],
          "datePublic": "2025-03-05T17:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:51:17.459Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-022"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31693",
        "datePublished": "2025-03-31T21:51:17.459Z",
        "dateReserved": "2025-03-31T21:30:25.064Z",
        "dateUpdated": "2025-04-03T17:24:33.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31692 (GCVE-0-2025-31692)

    Vulnerability from cvelistv5 – Published: 2025-03-31 21:50 – Updated: 2025-04-03 17:23
    VLAI
    Title
    AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
    Summary
    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.5 (semver)
    Create a notification for this product.
    Date Public
    2025-03-05 17:18
    Credits
    Drew Webber (mcdruid) Marcus Johansson (marcus_johansson) Drew Webber (mcdruid) Michal Gow (seogow) Drew Webber (mcdruid)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31692",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-03T17:21:48.256020Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-03T17:23:24.605Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson (marcus_johansson)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Drew Webber (mcdruid)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Michal Gow (seogow)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber (mcdruid)"
            }
          ],
          "datePublic": "2025-03-05T17:18:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:50:34.673Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-021"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31692",
        "datePublished": "2025-03-31T21:50:34.673Z",
        "dateReserved": "2025-03-31T21:30:15.360Z",
        "dateUpdated": "2025-04-03T17:23:24.605Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31678 (GCVE-0-2025-31678)

    Vulnerability from cvelistv5 – Published: 2025-03-31 21:38 – Updated: 2025-04-29 15:40
    VLAI
    Title
    AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004
    Summary
    Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 0.0.0 , < 1.0.3 (semver)
    Create a notification for this product.
    Date Public
    2025-01-22 16:50
    Credits
    Mingsong Scott Euser Marcus Johansson Andrew Belcher Greg Knaddison Juraj Nemec Dave Long
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31678",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T15:40:32.282965Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:40:38.758Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.3",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mingsong"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Scott Euser"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andrew Belcher"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Dave Long"
            }
          ],
          "datePublic": "2025-01-22T16:50:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:38:07.302Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31678",
        "datePublished": "2025-03-31T21:38:07.302Z",
        "dateReserved": "2025-03-31T21:30:04.615Z",
        "dateUpdated": "2025-04-29T15:40:38.758Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31677 (GCVE-0-2025-31677)

    Vulnerability from cvelistv5 – Published: 2025-03-31 21:37 – Updated: 2025-04-29 15:42
    VLAI
    Title
    AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal AI (Artificial Intelligence) Affected: 1.0.0 , < 1.0.2 (semver)
    Create a notification for this product.
    Date Public
    2025-01-15 15:58
    Credits
    Marcus Johansson Marcus Johansson Michal Gow Kevin Quillen Andrew Belcher Greg Knaddison Drew Webber Juraj Nemec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31677",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-01T18:22:05.638481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:42:17.877Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/ai",
              "defaultStatus": "unaffected",
              "product": "AI (Artificial Intelligence)",
              "repo": "https://git.drupalcode.org/project/ai",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "1.0.2",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marcus Johansson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Marcus Johansson"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Michal Gow"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Kevin Quillen"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Andrew Belcher"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Drew Webber"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            }
          ],
          "datePublic": "2025-01-15T15:58:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.\u003cp\u003eThis issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:37:27.837Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-003"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31677",
        "datePublished": "2025-03-31T21:37:27.837Z",
        "dateReserved": "2025-03-31T21:30:04.614Z",
        "dateUpdated": "2025-04-29T15:42:17.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9501 (GCVE-0-2015-9501)

    Vulnerability from cvelistv5 – Published: 2019-10-22 21:01 – Updated: 2024-08-06 08:51
    VLAI
    Summary
    The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:51:05.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpvulndb.com/vulnerabilities/7994"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-22T21:01:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpvulndb.com/vulnerabilities/7994"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9501",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpvulndb.com/vulnerabilities/7994",
                  "refsource": "MISC",
                  "url": "https://wpvulndb.com/vulnerabilities/7994"
                },
                {
                  "name": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9501",
        "datePublished": "2019-10-22T21:01:17.000Z",
        "dateReserved": "2019-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:51:05.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }