Vulmon
drupal drupal vulnerabilities and exploits
8.8
CVSSv3
CVE-2012-2079
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
8.8
CVSSv3
CVE-2018-1000888
PEAR Archive_Tar version 1.4.3 and previous versions contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called witho...
Php Pear Archive Tar
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 EDB exploit
1 Article
8.8
CVSSv3
CVE-2014-9502
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x prior to 7.x-2.26 for Drupal allow remote malicious users to hijack the authentication of unknown victims via vectors related to menu callbacks.
Open Atrium Project Open Atrium 7.x-2.0
Open Atrium Project Open Atrium
8.8
CVSSv3
CVE-2016-6211
The User module in Drupal 7.x prior to 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form.
Drupal Drupal 7.0
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.29
Drupal Drupal 7.3
Drupal Drupal 7.36
Drupal Drupal 7.37
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.39
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 7.30
Drupal Drupal 7.31
Drupal Drupal 7.38
Drupal Drupal 7.4
Drupal Drupal 7.9
Drupal Drupal 7.x-dev
8.1
CVSSv3
CVE-2022-29248
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a ...
Guzzlephp Guzzle
Drupal Drupal
Debian Debian Linux 11.0
8.1
CVSSv3
CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x prior to 8.5.11 and Drupal 8.6.x prior to 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site ...
Drupal Drupal
3 EDB exploits
27 Github repositories
1 Article
8.1
CVSSv3
CVE-2017-6926
In Drupal 8.4.x versions prior to 8.4.5, users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be...
Drupal Drupal
8.1
CVSSv3
CVE-2017-6930
In Drupal 8.4.x versions prior to 8.4.5, when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of ...
Drupal Drupal
8.1
CVSSv3
CVE-2017-6381
A 3rd party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normally installed. ...
Drupal Drupal 8.0.0
Drupal Drupal 8.0.6
Drupal Drupal 8.1.0
Drupal Drupal 8.1.3
Drupal Drupal 8.1.4
Drupal Drupal 8.2.0
Drupal Drupal 8.0.4
Drupal Drupal 8.0.5
Drupal Drupal 8.1.10
Drupal Drupal 8.1.2
Drupal Drupal 8.1.9
Drupal Drupal 8.0.1
Drupal Drupal 8.1.5
Drupal Drupal 8.1.6
Drupal Drupal 8.0.2
Drupal Drupal 8.0.3
Drupal Drupal 8.1.1
Drupal Drupal 8.1.7
Drupal Drupal 8.1.8
Drupal Drupal 8.2.1
8.1
CVSSv3
CVE-2016-5385
PHP up to and including 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirec...
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.2
Oracle Communications User Data Repository 10.0.1
Oracle Linux 6
Oracle Linux 7
Oracle Communications User Data Repository 12.0.0
Oracle Communications User Data Repository 10.0.0
Fedoraproject Fedora 24
Fedoraproject Fedora 23
Hp Storeever Msl6480 Tape Library Firmware
Hp System Management Homepage
Php Php
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 8.0
Opensuse Leap 42.1
Drupal Drupal
1 Github repository
1 Article