Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal core vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-2374
Drupal 5.x prior to 5.19 and 6.x prior to 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from...
Drupal Drupal
NA
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.
Drupal Drupal
Debian Debian Linux 7.0
4 EDB exploits
2 Nmap scripts
5 Github repositories
2 Articles
7.5
CVSSv3
CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSO...
Drupal Drupal
9.8
CVSSv3
CVE-2017-6925
In versions of Drupal 8 core before 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access r...
Drupal Drupal
9.8
CVSSv3
CVE-2019-6342
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Drupal Drupal 8.7.4
5.3
CVSSv3
CVE-2020-13667
Access bypass vulnerability in of Drupal Core Workspaces allows an malicious user to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker...
Drupal Drupal
7.5
CVSSv3
CVE-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private&...
Drupal Drupal
6.1
CVSSv3
CVE-2020-13672
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions before 9.1.7; 9.0.x versions before 9.0.12; 8.9.x versions before 8.9.14; 7.x ...
Drupal Drupal
6.5
CVSSv3
CVE-2017-6931
In Drupal versions 8.4.x versions prior to 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks ...
Drupal Drupal
5.3
CVSSv3
CVE-2017-6928
Drupal core 7.x versions prior to 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access...
Drupal Drupal
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »