Lucene search
+L

14211 matches found

Nuclei
Nuclei
added 8 hours ago29 views

Drupal 7 CKEditor XSS

CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content. id: CVE-2021-33829 info: name: Drupal 7 CKEditor XSS author:...

6.1CVSS6.4AI score0.03189EPSS
Exploits0References4
Nuclei
Nuclei
added 8 hours ago101 views

Drupal 11.x-dev - Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...

5.3CVSS5.6AI score0.09269EPSS
Exploits4
Nuclei
Nuclei
added yesterday17 views

Drupal Core - Anonymous SQL Injection via PostgreSQL Entity Query

Drupal core from 8.9.0 before 10.4.10, 10.5.0 before 10.5.10, 10.6.0 before 10.6.9, 11.0.0 before 11.1.10, 11.2.0 before 11.2.12, and 11.3.0 before 11.3.10 contains an SQL injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL...

9.8CVSS8AI score0.84631EPSS
Exploits14References2
Nuclei
Nuclei
added 2 days ago100 views

Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion

In avataruploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. id: CVE-2018-9205 info: name: Drupal avataruploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avataruploader...

7.5CVSS7AI score0.56924EPSS
Exploits6References5
Nuclei
Nuclei
added 2 days ago56 views

Drupal - Remote Code Execution

Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases. id: CVE-2019-6340 info: name: Drupal - Remote Code Execution author: madrobot severity:...

8.1CVSS7.4AI score0.92017EPSS
Exploits22References5
EUVD
EUVD
added 2026/07/11 12:31 a.m.8 views

EUVD-2026-43090

vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions:...

6.1AI score0.00392EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43088

vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions:...

6.1AI score0.00508EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.8 views

EUVD-2026-43070

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43093

vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions:...

6.1AI score0.0032EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.7 views

EUVD-2026-43072

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

6.1AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00192EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.7 views

EUVD-2026-43069

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1AI score0.00253EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43092

vulnerability in Drupal Composer allows . This issue affects Composer versions:...

6.1AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.6 views

EUVD-2026-43089

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

6.1AI score0.00414EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.8 views

EUVD-2026-43071

Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affects FlowDrop versions: from 0.0.0 to 1.6.0...

6.1AI score0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.8 views

EUVD-2026-43073

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...

6.1AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43082

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0.0 to 11.0.,...

6.1AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.7 views

EUVD-2026-43085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from 11.2.0 to 11.2.14, from 11.3.0 to 11.3.12, from 0.0....

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43053

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Flag attendance field allows Object Injection. This issue affects Flag attendance field versions: from 0.0.0 to 1.2...

6.1AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/11 12:31 a.m.5 views

EUVD-2026-43078

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

6.1AI score0.00175EPSS
Exploits0References2
Rows per page
Query Builder