Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal project vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2014-9023
The Twilio module 7.x-1.x prior to 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the "access administration pages" Drupal permission...
Twilio Project Twilio 7.x-1.1
Twilio Project Twilio 7.x-1.2
Twilio Project Twilio 7.x-1.4
Twilio Project Twilio 7.x-1.5
Twilio Project Twilio 7.x-1.8
Twilio Project Twilio 7.x-1.6
Twilio Project Twilio 7.x-1.9
445
VMScore
CVE-2015-4394
The Services module 7.x-3.x prior to 7.x-3.12 for Drupal allows remote malicious users to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.
Services Project Services 7.x-3.11
Services Project Services 7.x-3.10
Services Project Services 7.x-3.7
Services Project Services 7.x-3.2
Services Project Services 7.x-3.1
Services Project Services 7.x-3.0
Services Project Services 7.x-3.5
Services Project Services 7.x-3.3
Services Project Services 7.x-3.6
Services Project Services 7.x-3.4
383
VMScore
CVE-2008-1977
Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x prior to 5.x-2.3 and 5.x-1.1, and 6.x prior to 6.x-1.0 beta 1, allows remote malicious users to change node translation relationships via unspecified vectors.
Localizer Project Localizer 5.x-1.x
Localizer Project Localizer 5.x-2.x
Localizer Project Localizer 5.x-3.0
Localizer Project Localizer 5.x-3.1
Localizer Project Localizer 5.x-1.3
Localizer Project Localizer 5.x-1.4
Localizer Project Localizer 5.x-1.5
Localizer Project Localizer 5.x-1.6
Localizer Project Localizer 5.x-1.1
Localizer Project Localizer 5.x-1.8
Localizer Project Localizer 5.x-1.10
Localizer Project Localizer 5.x-3.2
Localizer Project Localizer 5.x-1.0
Localizer Project Localizer 5.x-1.2
Localizer Project Localizer 5.x-1.7
Localizer Project Localizer 5.x-1.9
Localizer Project Localizer 5.x-3.3
Internationalization Project Internationalization 5.x-1.x
Internationalization Project Internationalization 5.x-2.0
Internationalization Project Internationalization 5.x-2.1
Internationalization Project Internationalization 5.x-2.2
Internationalization Project Internationalization 5.x-1.0
534
VMScore
CVE-2015-4393
The resource/endpoint for uploading files in the Services module 7.x-3.x prior to 7.x-3.12 for Drupal allows remote authenticated users with the "Save file information" permission to execute arbitrary code via a crafted filename.
Services Project Services 7.x-3.0
Services Project Services 7.x-3.4
Services Project Services 7.x-3.5
Services Project Services 7.x-3.6
Services Project Services 7.x-3.7
Services Project Services 7.x-3.10
Services Project Services 7.x-3.2
Services Project Services 7.x-3.1
Services Project Services 7.x-3.11
Services Project Services 7.x-3.3
Services Project Services 7.x-3.9
356
VMScore
CVE-2015-3379
The Views module prior to 6.x-2.18, 6.x-3.x prior to 6.x-3.2, and 7.x-3.x prior to 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Views Project Views 6.x-3.0
Views Project Views 7.x-3.6
Views Project Views 7.x-3.7
Views Project Views 7.x-3.8
Views Project Views 7.x-3.x
Views Project Views 7.x-3.0
Views Project Views 7.x-3.1
Views Project Views
Views Project Views 7.x-3.2
Views Project Views 7.x-3.4
Views Project Views 7.x-3.3
Views Project Views 7.x-3.5
312
VMScore
CVE-2015-7881
The Colorbox module 7.x-2.x prior to 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.
Colorbox Project Colorbox 7.x-2.4
Colorbox Project Colorbox 7.x-2.6
Colorbox Project Colorbox 7.x-2.8
Colorbox Project Colorbox 7.x-2.9
Colorbox Project Colorbox 7.x-2.0
Colorbox Project Colorbox 7.x-2.1
Colorbox Project Colorbox 7.x-2.2
Colorbox Project Colorbox 7.x-2.3
Colorbox Project Colorbox 7.x-2.5
Colorbox Project Colorbox 7.x-2.7
312
VMScore
CVE-2014-8318
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x prior to 6.x-3.20, 7.x-3.x prior to 7.x-3.20, and 7.x-4.x prior to 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a field label t...
Webform Project Webform 6.x-3.2
Webform Project Webform 6.x-3.3
Webform Project Webform 6.x-3.11
Webform Project Webform 6.x-3.12
Webform Project Webform 6.x-3.19
Webform Project Webform 7.x-3.0
Webform Project Webform 7.x-3.7
Webform Project Webform 7.x-3.8
Webform Project Webform 6.x-3.0
Webform Project Webform 6.x-3.1
Webform Project Webform 6.x-3.9
Webform Project Webform 6.x-3.10
Webform Project Webform 6.x-3.17
Webform Project Webform 6.x-3.18
Webform Project Webform 7.x-3.5
Webform Project Webform 7.x-3.6
Webform Project Webform 7.x-3.14
Webform Project Webform 7.x-3.15
Webform Project Webform 6.x-3.7
Webform Project Webform 6.x-3.8
Webform Project Webform 6.x-3.15
Webform Project Webform 6.x-3.16
312
VMScore
CVE-2015-4374
Cross-site scripting (XSS) vulnerability in the Webform module prior to 6.x-3.23, 7.x-3.x prior to 7.x-3.23, and 7.x-4.x prior to 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name in the recip...
Webform Project Webform 7.x-3.7
Webform Project Webform 7.x-3.6
Webform Project Webform 7.x-3.5
Webform Project Webform 7.x-3.4
Webform Project Webform 7.x-3.12
Webform Project Webform 7.x-3.11
Webform Project Webform 7.x-3.10
Webform Project Webform 7.x-3.1
Webform Project Webform 7.x-3.0
Webform Project Webform 7.x-4.4
Webform Project Webform 7.x-4.3
Webform Project Webform 7.x-3.22
Webform Project Webform 7.x-3.19
Webform Project Webform 7.x-3.18
Webform Project Webform 7.x-3.17
Webform Project Webform 7.x-4.1
Webform Project Webform 7.x-3.9
Webform Project Webform 7.x-3.2
Webform Project Webform 7.x-3.21
Webform Project Webform 7.x-3.16
Webform Project Webform 7.x-3.14
Webform Project Webform
668
VMScore
CVE-2013-7406
SQL injection vulnerability in the MRBS module for Drupal allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Mrbs Project Mrbs 1.4.8
Mrbs Project Mrbs 1.4.0
312
VMScore
CVE-2015-4357
Cross-site scripting (XSS) vulnerability in the Webform module prior to 6.x-3.22, 7.x-3.x prior to 7.x-3.22, and 7.x-4.x prior to 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title, which is used a...
Webform Project Webform 7.x-3.0
Webform Project Webform 7.x-3.1
Webform Project Webform 7.x-3.10
Webform Project Webform 7.x-3.11
Webform Project Webform 7.x-4.3
Webform Project Webform 7.x-3.9
Webform Project Webform 7.x-3.8
Webform Project Webform 7.x-3.7
Webform Project Webform 7.x-3.20
Webform Project Webform 7.x-3.21
Webform Project Webform 7.x-3.19
Webform Project Webform 7.x-3.18
Webform Project Webform 7.x-4.0
Webform Project Webform 7.x-4.2
Webform Project Webform 7.x-3.6
Webform Project Webform 7.x-3.4
Webform Project Webform 7.x-3.13
Webform Project Webform 7.x-3.15
Webform Project Webform 7.x-3.16
Webform Project Webform 7.x-4.1
Webform Project Webform 7.x-3.5
Webform Project Webform 7.x-3.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »