Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-6339
In Drupal Core versions 7.x before 7.62, 8.6.x before 8.6.6 and 8.5.x before 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) ma...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
668
VMScore
CVE-2017-6925
In versions of Drupal 8 core before 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access r...
Drupal Drupal
668
VMScore
CVE-2017-6920
Drupal core 8 prior to 8.3.4 allows remote malicious users to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Drupal Drupal
2 Github repositories
668
VMScore
CVE-2014-5170
The Storage API module 7.x prior to 7.x-1.6 for Drupal might allow remote malicious users to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
Drupal Storage Api 7.x-1.5
Drupal Storage Api 7.x-1.3
Drupal Storage Api 7.x-1.1
Drupal Storage Api 7.x-1.0
Drupal Storage Api 7.x-1.x-dev
Drupal Storage Api 7.x-1.4
Drupal Storage Api 7.x-1.2
668
VMScore
CVE-2015-7877
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x prior to 7.x-1.4 for Drupal allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
User Dashboard Project User Dashboard 7.x-1.x-dev
User Dashboard Project User Dashboard 7.x-1.3
User Dashboard Project User Dashboard 7.x-1.2
668
VMScore
CVE-2016-3188
The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x prior to 7.x-2.1 for Drupal allows remote malicious users to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently ...
Prepopulate Project Prepopulate 7.x-2.x
Prepopulate Project Prepopulate 7.x-2.0
668
VMScore
CVE-2016-3187
The Prepopulate module 7.x-2.x prior to 7.x-2.1 for Drupal allows remote malicious users to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter.
Prepopulate Project Prepopulate 7.x-2.0
Prepopulate Project Prepopulate 7.x-2.x
668
VMScore
CVE-2015-8082
The Login Disable module 6.x-1.x prior to 6.x-1.1 and 7.x-1.x prior to 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote malicious users to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demo...
Login Disable Project Login Disable 6.x-1.0
Login Disable Project Login Disable 7.x-1.0
Login Disable Project Login Disable 7.x-1.1
668
VMScore
CVE-2015-7876
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x prior to 7.x-1.4 does not properly escape certain characters, which allows remote malicious users to execute arbitrary SQL commands via vectors involving a module using the ...
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.0
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.1
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.2
Drupal 7 Driver For Sql Server And Sql Azure Project Drupal 7 Driver For Sql Server And Sql Azure 7.x-1.3
668
VMScore
CVE-2015-6659
SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x prior to 7.39 allows remote malicious users to execute arbitrary SQL commands via an SQL comment.
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.24
Drupal Drupal 7.25
Drupal Drupal 7.34
Drupal Drupal 7.35
Drupal Drupal 7.7
Drupal Drupal 7.8
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.22
Drupal Drupal 7.23
Drupal Drupal 7.3
Drupal Drupal 7.30
Drupal Drupal 7.33
Drupal Drupal 7.5
Drupal Drupal 7.6
Drupal Drupal 7.11
Drupal Drupal 7.12
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »