Lucene search
K

13 matches found

EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-43055

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Stored XSS. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday3 views

CVE-2026-13239

CVE-2026-13239 is a Missing Authorization vulnerability in Drupal WissKI affecting WissKI versions 0.0.0 through 4.2.0. The issue permits Forceful Browsing due to insufficient access checks in the wisski_mirador submodule, which also enables image annotation features via the Mirador viewer. Publi...

6.1AI score
Exploits0References1
EUVD
EUVD
added 2026/02/04 8:26 p.m.6 views

EUVD-2026-5339

Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4...

4.8CVSS5.3AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 8:1 p.m.3 views

EUVD-2025-206439

Cross-Site Request Forgery CSRF vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3...

8.1CVSS5.9AI score0.00135EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 11:14 p.m.1 views

CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111

Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...

6.5AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/15 4:27 p.m.11 views

CVE-2025-8675 AI SEO Link Advisor - Less critical - Server-side Request Forgery - SA-CONTRIB-2025-095

Server-Side Request Forgery SSRF vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6...

0.00235EPSS
Exploits0References1
OSV
OSV
added 2025/01/09 7:18 p.m.2 views

CVE-2024-13269 Advanced Varnish - Moderately critical - Access bypass - SA-CONTRIB-2024-033

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11...

5.3CVSS6.1AI score0.00353EPSS
Exploits0References5
OSV
OSV
added 2025/01/09 7:15 p.m.5 views

CVE-2024-13240

Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.5 views

PT-2024-10229 · Drupal · Drupal Tooltip

Name of the Vulnerable Software and Affected Versions: Drupal Tooltip versions 0.0.0 through 1.1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS attacks. This can be exploited by a remote attacker to conduct...

5.5CVSS6.1AI score0.00228EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.5 views

PT-2025-2105 · Drupal · Ohdear Integration

Name of the Vulnerable Software and Affected Versions: OhDear Integration versions 0.0.0 through 2.0.3 Description: The issue is related to incorrect authorization in the OhDear Integration module for Drupal, allowing forceful browsing. This can enable a remote attacker to access confidential...

5.3CVSS7.2AI score0.00292EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.5 views

PT-2024-10094 · Drupal · Drupal Rest & Json Api Authentication

Name of the Vulnerable Software and Affected Versions: Drupal REST & JSON API Authentication versions 0.0.0 through 2.0.12 Description: The issue is related to an Incorrect Authorization vulnerability in Drupal REST & JSON API Authentication, allowing Forceful Browsing. This can enable a remote...

10CVSS7.5AI score0.00618EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/03/17 12:0 a.m.9 views

PT-2022-13408 · Unknown · Post-Loader

Name of the Vulnerable Software and Affected Versions: post-loader versions 0.0.0 and later Description: The issue concerns the post-loader package, which is a webpack loader for blog posts written in Markdown. It is vulnerable to Arbitrary Code Execution due to the use of a markdown parser in an...

9.8CVSS9.4AI score0.01957EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2020/04/07 12:0 a.m.5 views

PT-2020-19656 · Npm · Express-Mock-Middleware

Name of the Vulnerable Software and Affected Versions: express-mock-middleware versions 0.0.0 through 0.0.6 Description: The issue allows exported functions by the package to be tricked into adding or modifying properties of the Object.prototype, which can be exploited by creating a new directory...

5.3CVSS5.2AI score0.01243EPSS
Exploits1References4
Rows per page
Query Builder