Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal 7.27 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2014-2983
Drupal 6.x prior to 6.31 and 7.x prior to 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
4.9
CVSSv2
CVE-2016-9451
Confirmation forms in Drupal 7.x prior to 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.40
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.38
Drupal Drupal 7.41
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.12
Drupal Drupal 7.34
Drupal Drupal 7.4
Drupal Drupal 7.51
Drupal Drupal 7.28
Drupal Drupal 7.22
4.9
CVSSv2
CVE-2014-5020
The File module in Drupal 7.x prior to 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.28
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
4.3
CVSSv2
CVE-2015-6658
Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x prior to 6.37 and 7.x prior to 7.39 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, related to uploading files.
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 7.38
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
4.3
CVSSv2
CVE-2015-6665
Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x prior to 7.39 and the Ctools module 6.x-1.x prior to 6.x-1.14 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly rela...
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.38
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.34
4.3
CVSSv2
CVE-2015-3234
The OpenID module in Drupal 6.x prior to 6.36 and 7.x prior to 7.38 allows remote malicious users to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers.
Drupal Drupal 7.0
Drupal Drupal 6.0
Drupal Drupal 6.33
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 6.2
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 6.14
Drupal Drupal 6.24
Drupal Drupal 6.13
Drupal Drupal 6.25
Drupal Drupal 6.18
Drupal Drupal 7.3
Drupal Drupal 6.12
Drupal Drupal 6.32
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 6.4
1 Article
4.3
CVSSv2
CVE-2014-5022
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x prior to 7.29 allows remote malicious users to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.28
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
4
CVSSv2
CVE-2016-9449
The taxonomy module in Drupal 7.x prior to 7.52 and 8.x prior to 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
Drupal Drupal 8.0.0
Drupal Drupal 8.2.0
Drupal Drupal 8.1.0
Drupal Drupal 8.1.2
Drupal Drupal 8.1.6
Drupal Drupal 8.1.8
Drupal Drupal 8.1.9
Drupal Drupal 8.1.5
Drupal Drupal 8.1.10
Drupal Drupal 8.0.4
Drupal Drupal 8.0.5
Drupal Drupal 8.1.3
Drupal Drupal 8.0.2
Drupal Drupal 8.0.3
Drupal Drupal 8.1.7
Drupal Drupal 8.2.1
Drupal Drupal 8.0.1
Drupal Drupal 8.1.1
Drupal Drupal 8.1.4
Drupal Drupal 8.0.6
Drupal Drupal 8.2.2
Drupal Drupal 7.0
4
CVSSv2
CVE-2015-3231
The Render cache system in Drupal 7.x prior to 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.35
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.30
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.34
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.28
Drupal Drupal 7.22
1 Article
2.1
CVSSv2
CVE-2014-5021
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x prior to 6.32 and possibly 7.x prior to 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.3
Drupal Drupal 7.17
Drupal Drupal 7.8
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.27
Drupal Drupal 7.6
Drupal Drupal 7.12
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.x-dev
Drupal Drupal 7.28
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627
CVE-2022-45803
CVE-2024-38319
camera
template injection
CVE-2024-27801
CVE-2024-0762
CVE-2024-5791
unauthorized
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3