Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2014-9504
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x prior to 7.x-2.26 for Drupal, allows remote malicious users to access child groups via vectors related to membership inheritance.
Open Atrium Project Open Atrium 7.x-2.0
Open Atrium Project Open Atrium
7.5
CVSSv3
CVE-2015-7875
ctools 6.x-1.x prior to 6.x-1.14 and 7.x-1.x prior to 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
Chaos Tool Suite Project Ctools 7.x-1.7
Chaos Tool Suite Project Ctools 6.x-1.0
Chaos Tool Suite Project Ctools 6.x-1.1
Chaos Tool Suite Project Ctools 6.x-1.8
Chaos Tool Suite Project Ctools 6.x-1.9
Chaos Tool Suite Project Ctools 7.x-1.0
Chaos Tool Suite Project Ctools 7.x-1.4
Chaos Tool Suite Project Ctools 7.x-1.5
Chaos Tool Suite Project Ctools 6.x-1.6
Chaos Tool Suite Project Ctools 6.x-1.7
Chaos Tool Suite Project Ctools 7.x-1.2
Chaos Tool Suite Project Ctools 7.x-1.3
Chaos Tool Suite Project Ctools 6.x-1.2
Chaos Tool Suite Project Ctools 6.x-1.3
Chaos Tool Suite Project Ctools 6.x-1.11
Chaos Tool Suite Project Ctools 6.x-1.12
Chaos Tool Suite Project Ctools 7.x-1.6
Chaos Tool Suite Project Ctools 6.x-1.4
Chaos Tool Suite Project Ctools 6.x-1.5
Chaos Tool Suite Project Ctools 6.x-1.13
Chaos Tool Suite Project Ctools 6.x-1.x
Chaos Tool Suite Project Ctools 7.x-1.1
7.5
CVSSv3
CVE-2017-6919
Drupal 8 prior to 8.2.8 and 8.3 prior to 8.3.1 allows critical access bypass by authenticated users if the RESTful Web Services (rest) module is enabled and the site allows PATCH requests.
Drupal Drupal 8.3.0
Drupal Drupal 8.0.0
Drupal Drupal 8.0.1
Drupal Drupal 8.1.0
Drupal Drupal 8.1.7
Drupal Drupal 8.1.8
Drupal Drupal 8.2.0
Drupal Drupal 8.2.6
Drupal Drupal 8.0.2
Drupal Drupal 8.0.3
Drupal Drupal 8.1.1
Drupal Drupal 8.1.9
Drupal Drupal 8.1.10
Drupal Drupal 8.2.1
Drupal Drupal 8.0.4
Drupal Drupal 8.0.5
Drupal Drupal 8.1.2
Drupal Drupal 8.1.3
Drupal Drupal 8.2.7
Drupal Drupal 8.2.2
Drupal Drupal 8.2.3
Drupal Drupal 8.0.6
7.5
CVSSv3
CVE-2017-6377
When adding a private file via the editor in Drupal 8.2.x prior to 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
Drupal Drupal 8.2.0
Drupal Drupal 8.2.4
Drupal Drupal 8.2.5
Drupal Drupal 8.2.2
Drupal Drupal 8.2.3
Drupal Drupal 8.2.6
Drupal Drupal 8.2.1
7.5
CVSSv3
CVE-2017-6379
Some administrative paths in Drupal 8.2.x prior to 8.2.7 did not include protection for CSRF. This would allow an malicious user to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Drupal Drupal 8.2.5
Drupal Drupal 8.2.6
Drupal Drupal 8.2.1
Drupal Drupal 8.2.2
Drupal Drupal 8.2.3
Drupal Drupal 8.2.4
Drupal Drupal 8.2.0
7.5
CVSSv3
CVE-2016-9450
The user password reset form in Drupal 8.x prior to 8.2.3 allows remote malicious users to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
Drupal Drupal 8.2.2
Drupal Drupal 8.2.0
Drupal Drupal 8.0.0
Drupal Drupal 8.0.2
Drupal Drupal 8.1.0
Drupal Drupal 8.1.1
Drupal Drupal 8.1.6
Drupal Drupal 8.1.8
Drupal Drupal 8.0.4
Drupal Drupal 8.0.5
Drupal Drupal 8.0.6
Drupal Drupal 8.1.2
Drupal Drupal 8.1.3
Drupal Drupal 8.1.4
Drupal Drupal 8.1.5
Drupal Drupal 8.2.1
Drupal Drupal 8.1.10
Drupal Drupal 8.0.1
Drupal Drupal 8.0.3
Drupal Drupal 8.1.7
Drupal Drupal 8.1.9
7.5
CVSSv3
CVE-2016-3163
The XML-RPC system in Drupal 6.x prior to 6.38 and 7.x prior to 7.43 might make it easier for remote malicious users to conduct brute-force attacks via a large number of calls made at once to the same method.
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Drupal Drupal 7.7
Drupal Drupal 7.6
Drupal Drupal 7.5
Drupal Drupal 7.4
Drupal Drupal 7.24
Drupal Drupal 7.23
Drupal Drupal 7.22
Drupal Drupal 7.21
Drupal Drupal 7.0
Drupal Drupal 6.37
Drupal Drupal 6.8
Drupal Drupal 6.7
Drupal Drupal 6.6
Drupal Drupal 6.5
Drupal Drupal 6.26
Drupal Drupal 6.25
Drupal Drupal 6.24
Drupal Drupal 6.23
Drupal Drupal 6.10
Drupal Drupal 6.1
7.5
CVSSv3
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.27
Drupal Drupal 6.26
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.4
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.33
Drupal Drupal 6.31
Drupal Drupal 6.3
Drupal Drupal 6.25
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.15
Drupal Drupal 6.10
Drupal Drupal 6.0
7.5
CVSSv3
CVE-2015-8754
The Mollom module 6.x-2.7 prior to 6.x-2.15 for Drupal allows remote malicious users to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors.
Acquia Mollom 6.x-2.14
Acquia Mollom 6.x-2.13
Acquia Mollom 6.x-2.12
Acquia Mollom 6.x-2.11
Acquia Mollom 6.x-2.9
Acquia Mollom 6.x-2.7
Acquia Mollom 6.x-2.10
Acquia Mollom 6.x-2.8
7.4
CVSSv3
CVE-2017-6924
In Drupal 8 before 8.3.7; When using the REST API, users without the correct permission can post comments via REST that are approved even if the user does not have permission to post approved comments. This issue only affects sites that have the RESTful Web Services (rest) module...
Drupal Drupal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »