drupal

509 tracked vulnerabilities.

CVE-2014-1607
Drupal EventCalendar module 7.14 - Cross-Site Scripting via Year Parameter
Jan 26, 2014
EPSS 0.00
CVE-2014-1476
Drupal 7.x < 7.26 - Authenticated Information Disclosure via Taxonomy Module
Jan 24, 2014
EPSS 0.00
CVE-2014-1475
Drupal 6.x < 6.30 and 7.x < 7.26 - Unauthenticated Authentication Bypass via OpenID Module
Jan 24, 2014
EPSS 0.01
CVE-2013-4226 MEDIUM
Authenticated User Page Caching < 7.x-1.5 - Unauthorized Information Disclosure via Cached Pages
Feb 18, 2020
CVSS 6.5
EPSS 0.00
CVE-2013-7407
Drupal MRBS Module - Cross-Site Request Forgery
Oct 22, 2014
EPSS 0.00
CVE-2013-0244
Drupal 6.x < 6.28 and 7.x < 7.19 - Cross-Site Scripting via jQuery DOM Selection Functions
Jan 19, 2014
EPSS 0.00
CVE-2013-6388
Drupal 7.x < 7.24 - Cross-Site Scripting via Color Module CSS Handling
Dec 24, 2013
EPSS 0.00
CVE-2013-6387
Drupal 7.x - Authenticated Cross-Site Scripting in Image Module Description Field
Dec 24, 2013
EPSS 0.00
CVE-2013-6389
Drupal 7.x < 7.24 - Open Redirect via Overlay Module
Dec 07, 2013
EPSS 0.00
CVE-2013-6386
Drupal 6.x < 6.29 and 7.x < 7.24 - Predictable Security String Generation via mt_rand
Dec 07, 2013
EPSS 0.00
CVE-2013-6385
Drupal 6.x < 6.29 and 7.x < 7.24 - Remote Code Execution via Form API
Dec 07, 2013
EPSS 0.02
CVE-2013-0246
Drupal < 7.19 - Unauthenticated Information Disclosure via Image Module
Jul 16, 2013
EPSS 0.00
CVE-2013-0245
Drupal 6.x < 6.28 and 7.x < 7.19 - Authenticated Access Bypass via Book Module Printer-Friendly Version
Jul 16, 2013
EPSS 0.00
CVE-2013-0316
Drupal 7.x - Denial of Service via Image Module Derivative Requests
Mar 27, 2013
EPSS 0.01
CVE-2012-2079 HIGH
Drupal Activity module 6.x-1.x - Cross-Site Request Forgery
Nov 22, 2019
CVSS 8.8
EPSS 0.00
CVE-2012-2078 MEDIUM
Drupal Activity module 6.x-1.x - Cross-Site Scripting
Nov 21, 2019
CVSS 4.8
EPSS 0.00
CVE-2012-1637 MEDIUM
Drupal Quick Tabs 6.x-2.x-6.x-2.1 6.x-3.x-6.x-3.1 7.x-3.x-7.x-3.3 - Cross-Site Scripting
Nov 21, 2019
CVSS 4.8
EPSS 0.00
CVE-2012-0827
Drupal 7.x < 7.11 - Authenticated Arbitrary Private File Read via File Module
Oct 28, 2013
EPSS 0.00
CVE-2012-0826
Drupal 6.x < 6.23 and 7.x < 7.11 - Cross-Site Request Forgery in Aggregator Module
Oct 28, 2013
EPSS 0.00
CVE-2012-0825
Drupal <6.23, <7.11 - Info Disclosure
Oct 28, 2013
EPSS 0.01
CVE-2012-5653
Drupal 6.x < 6.27 and 7.x < 7.18 - Authenticated Remote Code Execution via Null Byte in File Upload
Jan 03, 2013
EPSS 0.01
CVE-2012-5652
Drupal 6.x - Unauthenticated Sensitive Information Exposure via RSS Feed or Search Result
Jan 03, 2013
EPSS 0.01
CVE-2012-5651
Drupal <6.27 & <7.18 - Info Disclosure
Jan 03, 2013
EPSS 0.01
CVE-2012-4554
Drupal 7.x < 7.16 - Arbitrary File Read via OpenID Module XRDS DOCTYPE Declaration
Nov 11, 2012
EPSS 0.55
CVE-2012-4553
Drupal <7.16 - Info Disclosure/Code Injection
Nov 11, 2012
EPSS 0.01
Products
drupal 273 core 91 core-recommended 6 project_issue_tracking_module 6 Drupal core 5 print 5 aggregation_module 4 ai 4 everyblog 4 project 4 ubercart_module 4 Drupal Core 3 OpenID Connect / OAuth client 3 content_construction_kit 3 drupal_project_issue_tracking 3 shindig-integrator 3 File Access Fix (deprecated) 2 activity 2 ajax_checklist 2 artificial_intelligence 2 bibliography_module 2 brilliant_gallery 2 chatroom_module 2 civictheme 2 cookies_consent_management 2 custom_search_module 2 data 2 database_administration_module 2 drupal_easylinks_module 2 google_tag 2
Quick Filters
Critical CVEs With Exploits In CISA KEV