7 matches found

OSV
added 2024/10/09 3:56 p.m. | 2 views

DRUPAL-CONTRIB-2024-048

This module provides a new UI experience for node editing using the Gutenberg Editor library. The module did not sufficiently protect some routes against a Cross Site Request Forgery attack. This vulnerability is mitigated by the fact that the tricked user needs to have an active session with the...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00216
Exploits: 0 | References: 1
Drupal
added 2024/10/09 12:0 a.m. | 5 views

Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048

This module provides a new UI experience for node editing using the Gutenberg Editor library. The module did not sufficiently protect some routes against a Cross Site Request Forgery attack. This vulnerability is mitigated by the fact that the tricked user needs to have an active session with the...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.00216
Exploits: 0 | References: 12
Drupal
added 2021/05/12 12:0 a.m. | 7 views

Gutenberg - Critical - Access bypass - SA-CONTRIB-2021-007

This module provides a new UI experience for node editing using the Gutenberg Editor library. The module did not correctly validate access rules in certain situations allowing anonymous users to delete blocks...

AI score: 6.6
Exploits: 0 | References: 8
Drupal
added 2019/09/25 12:0 a.m. | 10 views

Gutenberg - Critical - Access bypass - SA-CONTRIB-2019-069

This module provides a new UI experience for node editing - Gutenberg editor. The routes used by the Gutenberg editor lack proper permissions allowing untrusted users to view and modify some content they should not be able to view or modify...

AI score: 6.5
Exploits: 0 | References: 7
Friends Of PHP
added 2016/09/21 6:39 p.m. | 21 views

Users without "Administer comments" can set comment visibility on nodes they can edit

More info at https://www.drupal.org/SA-CORE-2016-004...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00345
Exploits: 0 | Affected Software: 1
Drupal
added 2012/05/16 12:0 a.m. | 15 views

SA-CONTRIB-2012-078 - Smart Breadcrumb - Cross Site Scripting (XSS)

CVE: CVE-2012-2705. The function filtertitles incorrectly attempts to set a title to plain-text, but does not properly filter user supplied text. This vulnerability is mitigated by the fact that an attacker must have the permission to create or edit a node to exploit the issue. Versions affected...

CVSS: 2.1 | AI score: 6.3 | EPSS: 0.00323
Exploits: 0 | References: 11
CVE
added 2008/08/27 3:0 p.m. | 53 views

CVE-2008-3745

The CVE-2008-3745 vulnerability affects Drupal 6.x prior to 6.4, in the Upload module. The issue allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors, indicating privilege/asset exposure within the Drupal content workflow. Th...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00939
Exploits: 0 | References: 8 | Affected Software: 2