Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-5476
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x prior to 4.6.10 and 4.7.x prior to 4.7.4 allows remote malicious users to perform unauthorized actions as an arbitrary user via unspecified vectors.
Drupal Drupal 4.6.5
Drupal Drupal 4.6.6
Drupal Drupal 4.7.3
Drupal Drupal 4.6.1
Drupal Drupal 4.6.2
Drupal Drupal 4.6.9
Drupal Drupal 4.7.0
Drupal Drupal 4.6.3
Drupal Drupal 4.6.4
Drupal Drupal 4.7.1
Drupal Drupal 4.7.2
Drupal Drupal 4.6.0
Drupal Drupal 4.6.7
Drupal Drupal 4.6.8
NA
CVE-2006-5477
Drupal 4.6.x prior to 4.6.10 and 4.7.x prior to 4.7.4 allows form submissions to be redirected, which allows remote malicious users to obtain arbitrary form information via a crafted URL.
Drupal Drupal 4.6.6
Drupal Drupal 4.6.7
Drupal Drupal 4.6.8
Drupal Drupal 4.6.2
Drupal Drupal 4.6.3
Drupal Drupal 4.7.1
Drupal Drupal 4.7.2
Drupal Drupal 4.6.4
Drupal Drupal 4.6.5
Drupal Drupal 4.7.3
Drupal Drupal 4.6.0
Drupal Drupal 4.6.1
Drupal Drupal 4.6.9
Drupal Drupal 4.7.0
NA
CVE-2006-1227
Drupal 4.5.x prior to 4.5.8 and 4.6.x prior to 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote malicious users to access administrator pages.
Drupal Drupal 4.5.6
Drupal Drupal 4.5.7
Drupal Drupal 4.5.2
Drupal Drupal 4.5.3
Drupal Drupal 4.6.2
Drupal Drupal 4.6.3
Drupal Drupal 4.5.0
Drupal Drupal 4.5.1
Drupal Drupal 4.6.0
Drupal Drupal 4.6.1
Drupal Drupal 4.5.4
Drupal Drupal 4.5.5
Drupal Drupal 4.6.4
Drupal Drupal 4.6.5
NA
CVE-2012-2153
Drupal 7.x prior to 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing...
Drupal Drupal 7.0
Drupal Drupal 7.12
Drupal Drupal 7.5
Drupal Drupal 7.13
Drupal Drupal 7.x-dev
Drupal Drupal 7.2
Drupal Drupal 7.6
Drupal Drupal 7.9
Drupal Drupal 7.8
Drupal Drupal 7.1
Drupal Drupal 7.3
Drupal Drupal 7.11
Drupal Drupal 7.10
Drupal Drupal 7.4
Drupal Drupal 7.7
NA
CVE-2012-1588
Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x prior to 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via a long email address.
Drupal Drupal 7.0
Drupal Drupal 7.12
Drupal Drupal 7.5
Drupal Drupal 7.13
Drupal Drupal 7.x-dev
Drupal Drupal 7.2
Drupal Drupal 7.6
Drupal Drupal 7.9
Drupal Drupal 7.4
Drupal Drupal 7.7
Drupal Drupal 7.1
Drupal Drupal 7.3
Drupal Drupal 7.8
Drupal Drupal 7.11
Drupal Drupal 7.10
NA
CVE-2012-1591
The image module in Drupal 7.x prior to 7.14 does not properly check permissions when caching derivative image styles of private images, which allows remote malicious users to read private image styles.
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.3
Drupal Drupal 7.8
Drupal Drupal 7.11
Drupal Drupal 7.4
Drupal Drupal 7.7
Drupal Drupal 7.12
Drupal Drupal 7.5
Drupal Drupal 7.10
Drupal Drupal 7.13
Drupal Drupal 7.x-dev
Drupal Drupal 7.2
Drupal Drupal 7.6
Drupal Drupal 7.9
NA
CVE-2012-1590
The forum list in Drupal 7.x prior to 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Drupal Drupal 7.0
Drupal Drupal 7.3
Drupal Drupal 7.12
Drupal Drupal 7.10
Drupal Drupal 7.13
Drupal Drupal 7.2
Drupal Drupal 7.1
Drupal Drupal 7.8
Drupal Drupal 7.11
Drupal Drupal 7.x-dev
Drupal Drupal 7.6
Drupal Drupal 7.9
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.7
NA
CVE-2008-4790
The core upload module in Drupal 5.x prior to 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors.
Drupal Drupal 5.5
Drupal Drupal 5.4
Drupal Drupal 5.0
Drupal Drupal 5.3
Drupal Drupal 5.2
Drupal Drupal 5.9
Drupal Drupal 5.8
Drupal Drupal 5.1
Drupal Drupal 5.7
Drupal Drupal 5.6
Drupal Drupal
NA
CVE-2008-4793
The node module API in Drupal 5.x prior to 5.11 allows remote malicious users to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules.
Drupal Drupal 5.4
Drupal Drupal 5.3
Drupal Drupal 5.0
Drupal Drupal 5.9
Drupal Drupal 5.2
Drupal Drupal 5.1
Drupal Drupal 5.8
Drupal Drupal 5.7
Drupal Drupal
Drupal Drupal 5.6
Drupal Drupal 5.5
NA
CVE-2006-4002
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 prior to 4.6.9, and 4.7 prior to 4.7.3, allows remote malicious users to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
Drupal Drupal 4.6.5
Drupal Drupal 4.6.6
Drupal Drupal 4.6.1
Drupal Drupal 4.6.2
Drupal Drupal 4.7.0
Drupal Drupal 4.7.1
Drupal Drupal 4.6.3
Drupal Drupal 4.6.4
Drupal Drupal 4.7.2
Drupal Drupal 4.6.0
Drupal Drupal 4.6.7
Drupal Drupal 4.6.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »