Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-13674
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed...
Drupal Drupal
6.5
CVSSv3
CVE-2013-4226
The Authenticated User Page Caching (Authcache) module 7.x-1.x prior to 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the ...
Drupal Authenticated User Page Caching 7.x-1.0
Drupal Authenticated User Page Caching 7.x-1.1
Drupal Authenticated User Page Caching 7.x-1.2
Drupal Authenticated User Page Caching 7.x-1.3
Drupal Authenticated User Page Caching 7.x-1.4
Drupal Authenticated User Page Caching 7.x-1.5
6.5
CVSSv3
CVE-2013-4187
The Flippy module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.
Flippy Project Flippy
Flippy Project Flippy 7.x-1.x
6.5
CVSSv3
CVE-2010-2473
Drupal 6.x prior to 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
Drupal Drupal
6.5
CVSSv3
CVE-2017-6923
In Drupal 8.x before 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoint to only views configured to use Ajax. This is mitigated if you have access rest...
Drupal Drupal
6.5
CVSSv3
CVE-2017-6922
In Drupal core 8.x before 8.3.4 and Drupal core 7.x before 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2018-14773
An issue exists in Http Foundation in Symfony 2.7.0 up to and including 2.7.48, 2.8.0 up to and including 2.8.43, 3.3.0 up to and including 3.3.17, 3.4.0 up to and including 3.4.13, 4.0.0 up to and including 4.0.13, and 4.1.0 up to and including 4.1.2. It arises from support for ...
Sensiolabs Symfony
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Drupal Drupal
1 Github repository
6.5
CVSSv3
CVE-2014-1399
The entity wrapper access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
Entity Api Project Entity Api 7.x-1.0
Entity Api Project Entity Api 7.x-1.1
Entity Api Project Entity Api 7.x-1.2
Fedoraproject Fedora 20
Fedoraproject Fedora 19
6.5
CVSSv3
CVE-2014-1398
The entity wrapper access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
Entity Api Project Entity Api 7.x-1.2
Entity Api Project Entity Api 7.x-1.1
Entity Api Project Entity Api 7.x-1.0
Fedoraproject Fedora 20
Fedoraproject Fedora 19
6.5
CVSSv3
CVE-2014-1400
The entity_access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
Entity Api Project Entity Api 7.x-1.2
Entity Api Project Entity Api 7.x-1.0
Entity Api Project Entity Api 7.x-1.1
Fedoraproject Fedora 19
Fedoraproject Fedora 20
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »