CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels...

3.5CVSS6.7AI score0.00129EPSS

Exploits0References1

CVE•added 2025/01/09 8:16 p.m.•48 views

CVE-2024-13291

CVE-2024-13291 concerns Drupal’s Basic HTTP Authentication module. Affected versions are 7.X-1.0 through 7.X-1.3 (and 7.X-1.0 to 7.X-1.3 per PT-2024-10484) with the issue arising from insufficient authorization, enabling forceful browsing (an access-bypass scenario). The vulnerability is fixed in...

7.3CVSS7.2AI score0.00157EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2023/10/20 12:0 a.m.•38 views

Ubuntu 16.04 ESM : Drupal vulnerabilities (USN-4773-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4773-1 advisory. It was discovered that Drupal did not properly process certain input. An attacker could use this vulnerability to execute arbitrary code or completely...

9.8CVSS7.9AI score0.94489EPSS

Exploits57References6

OSV•added 2022/05/17 4:8 a.m.•11 views

GHSA-96VX-QF28-6F8M Drupal Access Control Bypass

Drupal 7.x before 7.3 allows remote attackers to bypass intended nodeaccess restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table...

7.5CVSS6.2AI score0.00774EPSS

Exploits0References9

OSV•added 2022/05/17 3:57 a.m.•14 views

GHSA-PQV4-XGQH-J8VH Drupal sensitive information disclosure

The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in...

5.3CVSS5.3AI score0.00498EPSS

Exploits0References8

OSV•added 2022/05/17 3:5 a.m.•16 views

GHSA-66GR-XRCF-8JPQ Drupal Open Redirect

Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors...

6.8CVSS6.3AI score0.00119EPSS

Exploits0References5

Tenable Nessus•added 2022/01/20 12:0 a.m.•27 views

Drupal 7.x < 7.86 Cross-Site Scripting

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.86, 9.2.x prior to 9.2.11, or 9.3.x prior to 9.3.3. It is, therefore, affected by multiple cross-site scripting vulnerabilities due to its usage of the third party component jQuery UI...

6.5CVSS8AI score0.27509EPSS

Exploits4References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by