Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal core vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2009-2374
Drupal 5.x prior to 5.19 and 6.x prior to 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from...
Drupal Drupal
802
VMScore
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x prior to 7.32 does not properly construct prepared statements, which allows remote malicious users to conduct SQL injection attacks via an array containing crafted keys.
Drupal Drupal
Debian Debian Linux 7.0
4 EDB exploits
2 Nmap scripts
5 Github repositories
2 Articles
NA
CVE-2023-5256
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSO...
Drupal Drupal
668
VMScore
CVE-2017-6925
In versions of Drupal 8 core before 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access r...
Drupal Drupal
605
VMScore
CVE-2019-6342
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
Drupal Drupal 8.7.4
383
VMScore
CVE-2020-13667
Access bypass vulnerability in of Drupal Core Workspaces allows an malicious user to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker...
Drupal Drupal
NA
CVE-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private&...
Drupal Drupal
231
VMScore
CVE-2020-13672
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions before 9.1.7; 9.0.x versions before 9.0.12; 8.9.x versions before 8.9.14; 7.x ...
Drupal Drupal
356
VMScore
CVE-2017-6931
In Drupal versions 8.4.x versions prior to 8.4.5 the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for. If you have implemented a Settings Tray form in contrib or a custom module, the correct access checks ...
Drupal Drupal
312
VMScore
CVE-2017-6928
Drupal core 7.x versions prior to 7.57 when using Drupal's private file system, Drupal will check to make sure a user has access to a file before allowing the user to view or download it. This check fails under certain conditions in which one module is trying to grant access...
Drupal Drupal
Debian Debian Linux 9.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »