
6 matches found

Drupal
added 2025/05/07 12:0 a.m. | 22 views

oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048

This module extends the core Media module and allows site creators to permit oEmbed providers in addition to YouTube and Vimeo, which are deemed trustworthy by the Drupal Security Team. The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00182
Exploits: 0 | References: 2
Drupal
added 2018/05/23 12:0 a.m. | 5 views

SimpleCrop - Critical - Unsupported - SA-CONTRIB-2018-030

Update: 2018-06-01 A new maintainer has stepped forward to maintain this module and has put out a new release. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module...

AI score: 7.2
Exploits: 0 | References: 3
Drupal
added 2015/03/04 12:0 a.m. | 19 views

SA-CONTRIB-2015-067 - Finder - Open Redirect

Finder module allows you to create flexible faceted search forms to find entities such as nodes or users based on the values of fields and database attributes. The provided function finderformgoto is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the...

CVSS: 5.8 | AI score: 6.3 | EPSS: 0.00253
Exploits: 0 | References: 12
Drupal
added 2013/03/13 12:0 a.m. | 19 views

SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass

This module enables you to limit the visibility of the fields on the node edit form. The module doesn't sufficiently check access before allowing users to view and edit the configuration options allowing anonymous and authenticated users the ability to view and edit the configuration options. CVE...

CVSS: 6.4 | AI score: 6.2 | EPSS: 0.00277
Exploits: 0 | References: 8
Drupal
added 2009/05/20 12:0 a.m. | 7 views

SA-CONTRIB-2009-030 - Email Verification - Information disclosure / Cross Site Scripting

The Email Verification module tries to verify user email addresses by talking to the appropriate SMTP host. It also allows the administrator to access a list of not confirmed email addresses. In the Drupal 5 version, this list is only protected by the "access content" permission, hence allowing a...

AI score: 6.1
Exploits: 0 | References: 5
Drupal
added 2007/10/17 12:0 a.m. | 35 views

SA-2007-024 - Drupal Core - HTTP response splitting

In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of issues, among them cache...

AI score: 7.7
Exploits: 0 | References: 5