Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal project vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2014-9023
The Twilio module 7.x-1.x prior to 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission...
Twilio Project Twilio 7.x-1.1
Twilio Project Twilio 7.x-1.2
Twilio Project Twilio 7.x-1.4
Twilio Project Twilio 7.x-1.5
Twilio Project Twilio 7.x-1.8
Twilio Project Twilio 7.x-1.6
Twilio Project Twilio 7.x-1.9
5
CVSSv2
CVE-2015-4394
The Services module 7.x-3.x prior to 7.x-3.12 for Drupal allows remote malicious users to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.
Services Project Services 7.x-3.11
Services Project Services 7.x-3.10
Services Project Services 7.x-3.7
Services Project Services 7.x-3.2
Services Project Services 7.x-3.1
Services Project Services 7.x-3.0
Services Project Services 7.x-3.5
Services Project Services 7.x-3.3
Services Project Services 7.x-3.6
Services Project Services 7.x-3.4
4.3
CVSSv2
CVE-2008-1977
Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x prior to 5.x-2.3 and 5.x-1.1, and 6.x prior to 6.x-1.0 beta 1, allows remote malicious users to change node translation relationships via unspecified vectors.
Localizer Project Localizer 5.x-1.x
Localizer Project Localizer 5.x-2.x
Localizer Project Localizer 5.x-3.0
Localizer Project Localizer 5.x-3.1
Localizer Project Localizer 5.x-1.3
Localizer Project Localizer 5.x-1.4
Localizer Project Localizer 5.x-1.5
Localizer Project Localizer 5.x-1.6
Localizer Project Localizer 5.x-1.1
Localizer Project Localizer 5.x-1.8
Localizer Project Localizer 5.x-1.10
Localizer Project Localizer 5.x-3.2
Localizer Project Localizer 5.x-1.0
Localizer Project Localizer 5.x-1.2
Localizer Project Localizer 5.x-1.7
Localizer Project Localizer 5.x-1.9
Localizer Project Localizer 5.x-3.3
Internationalization Project Internationalization 5.x-1.x
Internationalization Project Internationalization 5.x-2.0
Internationalization Project Internationalization 5.x-2.1
Internationalization Project Internationalization 5.x-2.2
Internationalization Project Internationalization 5.x-1.0
6
CVSSv2
CVE-2015-4393
The resource/endpoint for uploading files in the Services module 7.x-3.x prior to 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename.
Services Project Services 7.x-3.0
Services Project Services 7.x-3.4
Services Project Services 7.x-3.5
Services Project Services 7.x-3.6
Services Project Services 7.x-3.7
Services Project Services 7.x-3.10
Services Project Services 7.x-3.2
Services Project Services 7.x-3.1
Services Project Services 7.x-3.11
Services Project Services 7.x-3.3
Services Project Services 7.x-3.9
7.5
CVSSv2
CVE-2013-7406
SQL injection vulnerability in the MRBS module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Mrbs Project Mrbs 1.4.8
Mrbs Project Mrbs 1.4.0
4
CVSSv2
CVE-2015-3379
The Views module prior to 6.x-2.18, 6.x-3.x prior to 6.x-3.2, and 7.x-3.x prior to 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Views Project Views 6.x-3.0
Views Project Views 7.x-3.6
Views Project Views 7.x-3.7
Views Project Views 7.x-3.8
Views Project Views 7.x-3.x
Views Project Views 7.x-3.0
Views Project Views 7.x-3.1
Views Project Views
Views Project Views 7.x-3.2
Views Project Views 7.x-3.4
Views Project Views 7.x-3.3
Views Project Views 7.x-3.5
3.5
CVSSv2
CVE-2015-7881
The Colorbox module 7.x-2.x prior to 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.
Colorbox Project Colorbox 7.x-2.4
Colorbox Project Colorbox 7.x-2.6
Colorbox Project Colorbox 7.x-2.8
Colorbox Project Colorbox 7.x-2.9
Colorbox Project Colorbox 7.x-2.0
Colorbox Project Colorbox 7.x-2.1
Colorbox Project Colorbox 7.x-2.2
Colorbox Project Colorbox 7.x-2.3
Colorbox Project Colorbox 7.x-2.5
Colorbox Project Colorbox 7.x-2.7
3.5
CVSSv2
CVE-2015-4374
Cross-site scripting (XSS) vulnerability in the Webform module prior to 6.x-3.23, 7.x-3.x prior to 7.x-3.23, and 7.x-4.x prior to 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recip...
Webform Project Webform 7.x-3.7
Webform Project Webform 7.x-3.6
Webform Project Webform 7.x-3.5
Webform Project Webform 7.x-3.4
Webform Project Webform 7.x-3.12
Webform Project Webform 7.x-3.11
Webform Project Webform 7.x-3.10
Webform Project Webform 7.x-3.1
Webform Project Webform 7.x-3.0
Webform Project Webform 7.x-4.4
Webform Project Webform 7.x-4.3
Webform Project Webform 7.x-3.22
Webform Project Webform 7.x-3.19
Webform Project Webform 7.x-3.18
Webform Project Webform 7.x-3.17
Webform Project Webform 7.x-4.1
Webform Project Webform 7.x-3.9
Webform Project Webform 7.x-3.2
Webform Project Webform 7.x-3.21
Webform Project Webform 7.x-3.16
Webform Project Webform 7.x-3.14
Webform Project Webform
3.5
CVSSv2
CVE-2014-8318
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x prior to 6.x-3.20, 7.x-3.x prior to 7.x-3.20, and 7.x-4.x prior to 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label t...
Webform Project Webform 6.x-3.2
Webform Project Webform 6.x-3.3
Webform Project Webform 6.x-3.11
Webform Project Webform 6.x-3.12
Webform Project Webform 6.x-3.19
Webform Project Webform 7.x-3.0
Webform Project Webform 7.x-3.7
Webform Project Webform 7.x-3.8
Webform Project Webform 6.x-3.0
Webform Project Webform 6.x-3.1
Webform Project Webform 6.x-3.9
Webform Project Webform 6.x-3.10
Webform Project Webform 6.x-3.17
Webform Project Webform 6.x-3.18
Webform Project Webform 7.x-3.5
Webform Project Webform 7.x-3.6
Webform Project Webform 7.x-3.14
Webform Project Webform 7.x-3.15
Webform Project Webform 6.x-3.7
Webform Project Webform 6.x-3.8
Webform Project Webform 6.x-3.15
Webform Project Webform 6.x-3.16
3.5
CVSSv2
CVE-2016-1913
Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x prior to 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3)...
Redhen Project Redhen 7.x-1.0
Redhen Project Redhen 7.x-1.3
Redhen Project Redhen 7.x-1.10
Redhen Project Redhen 7.x-1.x
Redhen Project Redhen 7.x-1.4
Redhen Project Redhen 7.x-1.2
Redhen Project Redhen 7.x-1.1
Redhen Project Redhen 7.x-1.8
Redhen Project Redhen 7.x-1.7
Redhen Project Redhen 7.x-1.6
Redhen Project Redhen 7.x-1.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »