Vulmon
drupal vulnerabilities and exploits
5.3
CVSSv3
CVE-2012-2724
The Simplenews module 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote malicious users to obtain sensitive informat...
Md-systems Simplenews 6.x-1.0
Md-systems Simplenews 6.x-1.1
Md-systems Simplenews 6.x-1.2
Md-systems Simplenews 6.x-1.3
Md-systems Simplenews 6.x-2.0
Md-systems Simplenews 6.x-2.x
Md-systems Simplenews 7.x-1.0
9.8
CVSSv3
CVE-2019-19826
The Views Dynamic Fields module up to and including 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion...
Drupal Views Dynamic Field
Drupal Views Dynamic Field 7.x-1.0
6.1
CVSSv3
CVE-2011-3373
Drupal Views Bulk Operations (VBO) module 6.x-1.0 up to and including 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially...
Drupal Views Bulk Operations
8.8
CVSSv3
CVE-2012-2079
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
4.8
CVSSv3
CVE-2012-1637
Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x-2.x prior to 6.x-2.1, 6.x-3.x prior to 6.x-3.1, and 7.x-3.x prior to 7.x-3.3 for Drupal.
Drupal Quick Tabs 6.x-2.0
Drupal Quick Tabs 6.x-3.0
Drupal Quick Tabs 7.x-3.0
Drupal Quick Tabs 7.x-3.1
Drupal Quick Tabs 7.x-3.2
4.8
CVSSv3
CVE-2012-2078
Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1.x for Drupal.
Drupal Activity 6.x-1.x
7.5
CVSSv3
CVE-2011-2726
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent no...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Fedoraproject Fedora 14
Fedoraproject Fedora 15
Fedoraproject Fedora 16
7.5
CVSSv3
CVE-2011-4972
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote malicious users to read private files via a direct request.
Ckeditor Ckeditor 7.x-1.4
5.4
CVSSv3
CVE-2013-4275
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x prior to 7.x-3.2, and 7.x-5.x prior to 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitr...
Zen Project Zen
7.5
CVSSv3
CVE-2019-18856
A Denial Of Service vulnerability exists in the SVG Sanitizer module up to and including 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.
Drupal Svg Sanitizer
Drupal Svg Sanitizer 8.x-1.0