Lucene search
+L

595 matches found

Vulnrichment
Vulnrichment
added 2025/11/18 4:55 p.m.2 views

CVE-2025-13082 Drupal core - Moderately critical - Defacement - SA-CORE-2025-007

User Interface UI Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

6.5AI score0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 4:55 p.m.9 views

CVE-2025-13082 Drupal core - Moderately critical - Defacement - SA-CORE-2025-007

User Interface UI Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8...

0.00222EPSS
Exploits0References1
CVE
CVE
added 2025/11/18 4:55 p.m.25 views

CVE-2025-13082

CVE-2025-13082 concerns Drupal core, where a UI misrepresentation of critical information allows content spoofing. Affected versions are Drupal core: 8.0.0–before 10.4.9, 10.5.0–before 10.5.6, 11.0.0–before 11.1.9, and 11.2.0–before 11.2.8. The vulnerability stems from the user interface displayi...

4.3CVSS6.5AI score0.00222EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.8 views

Drupal 11.2.x < 11.2.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...

5.9CVSS7.2AI score0.00316EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.6 views

Drupal 8.0.x < 10.4.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...

5.9CVSS7.2AI score0.00316EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.10 views

Drupal 10.5.x < 10.5.6 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...

5.9CVSS7.2AI score0.00316EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/11/17 12:0 a.m.9 views

Drupal 11.0.x < 11.1.9 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden. - Drupal core contains a...

5.9CVSS7.2AI score0.00316EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2025/11/14 12:0 a.m.9 views

Drupal Multiple Vulnerabilities (SA-CORE-2025-005 - SA-CORE-2025-008)

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

5.9CVSS7.8AI score0.00316EPSS
Exploits0References4
OSV
OSV
added 2025/11/12 8:16 p.m.4 views

DRUPAL-CORE-2025-007

By generating and tricking a user into visiting a malicious URL, an attacker can perform site defacement. The defacement is not stored and is only present when the URL has been crafted for that purpose. Only the defacement is present, so no other site content such as branding is rendered...

4.3CVSS6.6AI score0.00222EPSS
Exploits0References1
Drupal
Drupal
added 2025/11/12 12:0 a.m.11 views

Drupal core - Moderately critical - Defacement - SA-CORE-2025-007

By generating and tricking a user into visiting a malicious URL, an attacker can perform site defacement. The defacement is not stored and is only present when the URL has been crafted for that purpose. Only the defacement is present, so no other site content such as branding is rendered...

4.3CVSS5.3AI score0.00222EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/11/12 12:0 a.m.6 views

Drupal core 8.0.0-10.4.8,10.5.0-10.5.5,11.0.0-11.1.8,11.2.0-11.2.7 - Unauthenticated Defacement vulnerability

Unauthenticated Defacement vulnerability discovered by Kevin Quillen kevinquillen in WordPress Core Drupal versions 8.0.0-10.4.8,10.5.0-10.5.5,11.0.0-11.1.8,11.2.0-11.2.7...

4.3CVSS7AI score0.00222EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.4 views

Drupal 8.x/9.x/10.x < 10.4.9 / 10.5.x < 10.5.6 / 11.1.x < 11.1.9 / 11.2.x < 11.2.8 Multiple Vulnerabilities (drupal-2025-11-12)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.x, 9.x, or 10.4.x prior to 10.4.9, 10.5.x prior to 10.5.6, 11.1.x prior to 11.1.9, or 11.2.x prior to 11.2.8. It is, therefore, affected by multiple vulnerabilities. - Drupal core contains a chain...

5.9CVSS6.3AI score0.00316EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2025/11/10 12:0 a.m.8 views

DotNetNuke < 10.1.1 Unrestricted File Upload

DotNetNuke CMS versions prior to 10.1.1 are affected by an unrestricted file upload vulnerability due to improper validation of uploaded files in the default HTML editor provider. This vulnerability allows unauthenticated users to upload files without proper restrictions, potentially leading to...

10CVSS6.2AI score0.44656EPSS
Exploits3References3
GithubExploit
GithubExploit
added 2025/11/06 8:20 p.m.237 views

Exploit for Unrestricted Upload of File with Dangerous Type in Dnnsoftware Dotnetnuke

CVE-2025-64095-DotNetNuke-DNNPoC proof of concept PoC F...

10CVSS6.7AI score0.44656EPSS
Exploits3
Hacker One
Hacker One
added 2025/11/06 11:53 a.m.14 views

U.S. Dept Of Defense: DNN - Unrestricted Arbitrary File Upload #████████

A vulnerability was discovered in versions of DNN formerly DotNetNuke prior to 10.1.1. The vulnerability was caused by the default HTML editor provider allowing unauthenticated file uploads and overwriting of existing files. This could have led to website defacement and cross-site scripting attac...

10CVSS6.2AI score0.44656EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/10/29 10:14 p.m.10 views

CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

10CVSS6.6AI score0.44656EPSS
Exploits3References1
EUVD
EUVD
added 2025/10/29 9:48 p.m.11 views

EUVD-2025-36564

DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite...

10CVSS6.3AI score0.44656EPSS
Exploits3References2
Github Security Blog
Github Security Blog
added 2025/10/29 9:48 p.m.17 views

DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

Summary The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. Description An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads...

10CVSS6.8AI score0.44656EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2025/10/29 9:48 p.m.5 views

GHSA-3M8R-W7XG-JQVW DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite

Summary The default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. Description An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads...

10CVSS6.8AI score0.44656EPSS
Exploits3References3
NVD
NVD
added 2025/10/28 10:15 p.m.12 views

CVE-2025-64095

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files...

10CVSS0.44656EPSS
Exploits3References1
Rows per page
Query Builder