Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2012-2724
The Simplenews module 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote malicious users to obtain sensitive informat...
Md-systems Simplenews 6.x-1.0
Md-systems Simplenews 6.x-1.1
Md-systems Simplenews 6.x-1.2
Md-systems Simplenews 6.x-1.3
Md-systems Simplenews 6.x-2.0
Md-systems Simplenews 6.x-2.x
Md-systems Simplenews 7.x-1.0
7.5
CVSSv2
CVE-2019-19826
The Views Dynamic Fields module up to and including 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion...
Drupal Views Dynamic Field
Drupal Views Dynamic Field 7.x-1.0
4.3
CVSSv2
CVE-2011-3373
Drupal Views Builk Operations (VBO) module 6.x-1.0 up to and including 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially...
Drupal Views Builk Operations
6.8
CVSSv2
CVE-2012-2079
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
3.5
CVSSv2
CVE-2012-1637
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x prior to 6.x-2.1, 6.x-3.x prior to 6.x-3.1, and 7.x-3.x prior to 7.x-3.3 for Drupal.
Drupal Quick Tabs 6.x-2.0
Drupal Quick Tabs 6.x-3.0
Drupal Quick Tabs 7.x-3.0
Drupal Quick Tabs 7.x-3.1
Drupal Quick Tabs 7.x-3.2
3.5
CVSSv2
CVE-2012-2078
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
5
CVSSv2
CVE-2011-2726
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent no...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 14
Fedoraproject Fedora 15
Fedoraproject Fedora 16
3.5
CVSSv2
CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x prior to 7.x-3.2, and 7.x-5.x prior to 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitr...
Zen Project Zen
5
CVSSv2
CVE-2011-4972
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote malicious users to read private files via a direct request.
Ckeditor Ckeditor 7.x-1.4
5
CVSSv2
CVE-2019-18856
A Denial Of Service vulnerability exists in the SVG Sanitizer module up to and including 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
Drupal Svg Sanitizer
Drupal Svg Sanitizer 8.x-1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »