Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2022-29248
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a ...
Guzzlephp Guzzle
Drupal Drupal
Debian Debian Linux 11.0
446
VMScore
CVE-2022-24775
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions before 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds...
Drupal Drupal
Guzzlephp Psr-7
445
VMScore
CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop r...
Ckeditor Ckeditor
Drupal Drupal
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Commerce Merchandising 11.3.2
Oracle Financial Services Trade-based Anti Money Laundering 8.0.7
Oracle Financial Services Trade-based Anti Money Laundering 8.0.8
Fedoraproject Fedora 36
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1.0
Oracle Application Express
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.1
Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform 8.0.8.0
Oracle Financial Services Behavior Detection Platform 8.0.7.0
Fedoraproject Fedora 37
312
VMScore
CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing ...
Ckeditor Ckeditor
Drupal Drupal
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Commerce Merchandising 11.3.2
Oracle Financial Services Trade-based Anti Money Laundering 8.0.7
Oracle Financial Services Trade-based Anti Money Laundering 8.0.8
Fedoraproject Fedora 36
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1.0
Oracle Application Express
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.1
Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform 8.0.8.0
Oracle Financial Services Behavior Detection Platform 8.0.7.0
Fedoraproject Fedora 37
356
VMScore
CVE-2022-25270
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which...
Drupal Drupal
383
VMScore
CVE-2022-25271
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an malicious user to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain ca...
Drupal Drupal
Fedoraproject Fedora 35
Fedoraproject Fedora 36
383
VMScore
CVE-2020-13668
Access Bypass vulnerability in Drupal Core allows for an malicious user to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions before 8.8.10; 8.9.x versions before 8.9.6; 9.0.x versions be...
Drupal Drupal
383
VMScore
CVE-2020-13669
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows malicious user to inject XSS. This issue affects: Drupal Core 8.8.x versions before 8.8.10.; 8.9.x versions before 8.9.6; 9.0.x versions before 9.0.6.
Drupal Drupal
445
VMScore
CVE-2020-13670
Information Disclosure vulnerability in file module of Drupal Core allows an malicious user to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions before 8.8.10...
Drupal Drupal
231
VMScore
CVE-2020-13673
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this c...
Drupal Entity Embed 8.x-1.0
Drupal Entity Embed 8.x-1.1
Drupal Entity Embed 8.x-1.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »