Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2013-4225
The RESTful Web Services (restws) module 7.x-1.x prior to 7.x-1.4 and 7.x-2.x prior to 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create ...
Restful Web Services Project Restful Web Services
Restful Web Services Project Restful Web Services 7.x-2.x
4
CVSSv2
CVE-2012-5570
The Basic webmail module 6.x-1.x prior to 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
Basic Webmail Project Basic Webmail 6.x-1.0
Basic Webmail Project Basic Webmail 6.x-1.1
Basic Webmail Project Basic Webmail 6.x-1.x
4.3
CVSSv2
CVE-2014-8338
Cross-site scripting (XSS) vulnerability in vwrooms/js/jsor-jcarousel/examples/special_textscroller.php in the VideoWhisper Webcam plugins for Drupal 7.x allows remote malicious users to inject arbitrary web script or HTML via a URL to a crafted SVG file in the feed parameter.
Videowhisper Webcam 7.x-1.7
7.5
CVSSv2
CVE-2013-2198
The Login Security module 6.x-1.x prior to 6.x-1.3 and 7.x-1.x prior to 7.x-1.3 for Drupal allows malicious users to bypass intended restrictions via a crafted username.
Login Security Project Login Security
Login Security Project Login Security 6.x-1.0
Login Security Project Login Security 6.x-1.x
Login Security Project Login Security 7.x-1.x
4
CVSSv2
CVE-2013-4187
The Flippy module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.
Flippy Project Flippy
Flippy Project Flippy 7.x-1.x
7.5
CVSSv2
CVE-2011-2715
An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
4.3
CVSSv2
CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display.
Drupal Data 6.x-1.0
Drupal Drupal 6.20
3.5
CVSSv2
CVE-2012-5558
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions before 6.x-1.1 and Smileys module 6.x-1.x versions before 6.x-1.1 for Drupal allows remote authenticated users with the "administer smiley" permission to inject arbitrary web script or HTML v...
Smiley Project Smiley
Smileys Project Smileys
7.5
CVSSv2
CVE-2012-2714
The BrowserID (Mozilla Persona) module 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of arbitrary users via the audience identifier.
Browserid Project Browserid 7.x-1.0
Browserid Project Browserid 7.x-1.1
Browserid Project Browserid 7.x-1.2
5
CVSSv2
CVE-2012-2724
The Simplenews module 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote malicious users to obtain sensitive informat...
Md-systems Simplenews 6.x-1.0
Md-systems Simplenews 6.x-1.1
Md-systems Simplenews 6.x-1.2
Md-systems Simplenews 6.x-1.3
Md-systems Simplenews 6.x-2.0
Md-systems Simplenews 6.x-2.x
Md-systems Simplenews 7.x-1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »