Lucene search
K

92 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:22 a.m.7 views

CVE-2013-0325

Multiple cross-site scripting XSS vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a 1 Watchdog message or 2 admin setting...

4.3CVSS6AI score0.01284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:15 a.m.6 views

CVE-2010-3094

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via 1 an action description, 2 an action message, 3 a node, or 4 a taxonomy term, related to the actions feature and the...

2.1CVSS5.5AI score0.01398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:16 a.m.9 views

CVE-2012-5547

Multiple cross-site request forgery CSRF vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 enable a server via a server action or 2 enable a search index via an enable index action...

6.8CVSS7.6AI score0.00636EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:55 a.m.6 views

CVE-2017-20001

The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy...

7.5CVSS7.1AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:47 a.m.5 views

CVE-2016-1913

Multiple cross-site scripting XSS vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to 1 individual contacts, 2 notes, or 3 engagement scores...

5.4CVSS5.6AI score0.00615EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:57 p.m.6 views

CVE-2009-3350

Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors...

10CVSS7.3AI score0.01239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:50 p.m.7 views

CVE-2009-3351

Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors...

10CVSS7.3AI score0.01323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:48 p.m.8 views

CVE-2009-3354

Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors...

10CVSS7.3AI score0.01239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 7:55 p.m.6 views

CVE-2009-3921

The Smartqueueog module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation message...

4CVSS6.8AI score0.01152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 6:39 p.m.6 views

CVE-2009-3352

Multiple unspecified vulnerabilities in the quotabyrole Quota by role module for Drupal have unknown impact and attack vectors...

10CVSS7.3AI score0.01959EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.5 views

Drupal 8.0.x < 10.3.13 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...

7.5CVSS7.9AI score0.00537EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.3 views

Drupal 11.0.x < 11.0.12 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...

7.5CVSS7.9AI score0.00537EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.2 views

Drupal 11.1.x < 11.1.3 Multiple Vulnerabilities

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...

7.5CVSS7.9AI score0.00537EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2025/02/20 12:0 a.m.10 views

Drupal Multiple Vulnerabilities (SA-CORE-2025-001, SA-CORE-2025-002, SA-CORE-2025-003) - Windows

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

7.5CVSS7.3AI score0.00537EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/02/20 12:0 a.m.38 views

Drupal Multiple Vulnerabilities (SA-CORE-2025-001, SA-CORE-2025-002, SA-CORE-2025-003) - Linux

Drupal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

7.5CVSS7.3AI score0.00537EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/02/19 12:0 a.m.8 views

Drupal 10.3.x < 10.3.13 / 10.3.x < 10.3.13 / 10.4.x < 10.4.3 / 10.4.x < 10.4.3 / 11.x < 11.0.12 / 11.x < 11.0.12 / 11.1.x < 11.1.3 / 11.1.x < 11.1.3 Multiple Vulnerabilities (drupal-2025-02-19)

According to its self-reported version, the instance of Drupal running on the remote web server is 10.3.x prior to 10.3.13, 10.3.x prior to 10.3.13, 10.4.x prior to 10.4.3, 10.4.x prior to 10.4.3, 11.x prior to 11.0.12, 11.x prior to 11.0.12, 11.1.x prior to 11.1.3, or 11.1.x prior to 11.1.3. It...

5.7AI score
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/01/09 8:21 p.m.7 views

CVE-2024-13298 Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting XSS.This issue affects Tarte au Citron: from 2.0.0 before 2.0.5...

5.1AI score0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 8:16 p.m.33 views

CVE-2024-13291 Basic HTTP Authentication - Critical - Access bypass - SA-CONTRIB-2024-057

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4...

0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 7:19 p.m.17 views

CVE-2024-13270 Freelinking - Moderately critical - Information Disclosure - SA-CONTRIB-2024-034

Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1...

0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal versions 1.0.0 through 2.0.2, which stems from improper input neutralization during web page generation, resulting in a cross-site scripting...

3.8CVSS6.2AI score0.00251EPSS
Exploits0References3
Rows per page
Query Builder