Lucene search
K

14160 matches found

Nuclei
Nuclei
added 12 hours ago100 views

Drupal 11.x-dev - Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...

5.3CVSS6.2AI score0.09269EPSS
Exploits4
Nuclei
Nuclei
added 12 hours ago28 views

Drupal 7 CKEditor XSS

CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content. id: CVE-2021-33829 info: name: Drupal 7 CKEditor XSS author:...

6.1CVSS6.7AI score0.03189EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday16 views

Drupal Core - Anonymous SQL Injection via PostgreSQL Entity Query

Drupal core from 8.9.0 before 10.4.10, 10.5.0 before 10.5.10, 10.6.0 before 10.6.9, 11.0.0 before 11.1.10, 11.2.0 before 11.2.12, and 11.3.0 before 11.3.10 contains an SQL injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL...

9.8CVSS7.1AI score0.84631EPSS
Exploits14References2
Nuclei
Nuclei
added yesterday100 views

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

7.5CVSS7AI score0.56924EPSS
Exploits6References5
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43090

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

6.1AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43088

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

6.1AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43069

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43071

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

6.1AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43072

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

6.1AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43073

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...

6.1AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43089

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

6.1AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43093

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

6.1AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43092

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

6.1AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43070

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00204EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43053

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

6.1AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43076

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

6.1AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43054

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43077

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Siteimprove Analytics allows Cross-Site Scripting XSS. This issue affects Siteimprove Analytics versions: from 0.0.0 to 2.0.1...

6.1AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43078

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

6.1AI score0.002EPSS
Exploits0References2
Rows per page
Query Builder