drupal drupal vulnerabilities and exploits
668
VMScore
CVE-2012-2714
The BrowserID (Mozilla Persona) module 7.x-1.x prior to 7.x-1.3 for Drupal allows remote malicious users to hijack the authentication of arbitrary users via the audience identifier.
Browserid Project Browserid 7.x-1.0
Browserid Project Browserid 7.x-1.1
Browserid Project Browserid 7.x-1.2
445
VMScore
CVE-2012-2724
The Simplenews module 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote malicious users to obtain sensitive informat...
Md-systems Simplenews 6.x-1.0
Md-systems Simplenews 6.x-1.1
Md-systems Simplenews 6.x-1.2
Md-systems Simplenews 6.x-1.3
Md-systems Simplenews 6.x-2.0
Md-systems Simplenews 6.x-2.x
Md-systems Simplenews 7.x-1.0
668
VMScore
CVE-2019-19826
The Views Dynamic Fields module up to and including 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion...
Drupal Views Dynamic Field
Drupal Views Dynamic Field 7.x-1.0
383
VMScore
CVE-2011-3373
Drupal Views Bulk Operations (VBO) module 6.x-1.0 up to and including 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially...
Drupal Views Bulk Operations
605
VMScore
CVE-2012-2079
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
312
VMScore
CVE-2012-2078
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
312
VMScore
CVE-2012-1637
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x prior to 6.x-2.1, 6.x-3.x prior to 6.x-3.1, and 7.x-3.x prior to 7.x-3.3 for Drupal.
Drupal Quick Tabs 6.x-2.0
Drupal Quick Tabs 6.x-3.0
Drupal Quick Tabs 7.x-3.0
Drupal Quick Tabs 7.x-3.1
Drupal Quick Tabs 7.x-3.2
445
VMScore
CVE-2011-2726
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent no...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 14
Fedoraproject Fedora 15
Fedoraproject Fedora 16
312
VMScore
CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x prior to 7.x-3.2, and 7.x-5.x prior to 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitr...
Zen Project Zen
445
VMScore
CVE-2011-4972
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote malicious users to read private files via a direct request.
Ckeditor Ckeditor 7.x-1.4