Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / drupal

drupal

509 tracked vulnerabilities.

Drupal 7.0-7.13 - Authenticated Unauthorized Node Access via Content Overview Page

Drupal 7.x < 7.14 - Unauthenticated Private Image Style Information Disclosure

Drupal 7.x < 7.14 - Authenticated Information Disclosure via Forum Overview Page

Drupal 7.x < 7.14 - Authenticated Denial of Service via Long Email Address in Text Filtering

Drupal FAQ < 6.x-1.13 and 7.x-1.x-rc1 - Authenticated Cross-Site Scripting via Title or Detailed Question Parameters

RealName module < 6.x-1.5 for Drupal - Cross-Site Scripting via User Names and Autocomplete Callbacks

Drupal Addressbook module 6.x-4.2 - SQL Injection

Drupal < 7.14 - Unauthenticated Sensitive Information Exposure via q[] Parameter

Glossary module 6.x-1.x < 6.x-1.8 for Drupal - Cross-Site Scripting via Taxonomy Information

Drupal 7.x < 7.13 - Open Redirect via Form API Destination URL

CVE-2011-2715 CRITICAL

Drupal Data 6.x-1.0-alpha14 - SQL Injection via Table or Column Name

CVE-2011-2714 MEDIUM

Drupal Data 6.x-1.0-alpha14 - Cross-Site Scripting in Table Descriptions

CVE-2011-3373 MEDIUM

Drupal Views Builk Operations 6.x-1.0-6.x-1.10 - XSS

CVE-2011-2726 HIGH

Drupal 7.0-7.5 - Unauthenticated File Download via Direct URL Access

Petition Node module < 6.x-1.5 - Authenticated Cross-Site Scripting

Drupal 7.0 - Exposure of Sensitive Information via Direct PHP File Request

Drupal 7.x < 7.3 - Unauthenticated Node Access Bypass via Missing JOIN Clause

CVE-2010-2473 MEDIUM

Drupal 5.0-5.21 - Unauthenticated Session Persistence via Blocked User Bypass

CVE-2010-2472 MEDIUM

Drupal 5.0-5.21 - Authenticated Cross-Site Scripting in Locale Module

CVE-2010-2250 MEDIUM

Drupal 5.0-5.22 - Cross-Site Scripting during Site Installation

CVE-2010-2471 MEDIUM

Drupal 5.x-6.x - Open Redirect

CVE-2010-5312 MEDIUM

jQuery UI <1.10.0 - XSS

Drupal OpenID Module < 6.18 and 5.x-1.4 - Authentication Bypass via Unsigned OpenID Fields

Drupal OpenID Module - Authentication Bypass via OpenID Response Nonce Reuse

Drupal <6.18 & <5.x-1.4 - Auth Bypass

Previous Page 12 of 21 Next

Products

drupal 273 core 91 core-recommended 6 project_issue_tracking_module 6 Drupal core 5 print 5 aggregation_module 4 ai 4 everyblog 4 project 4 ubercart_module 4 Drupal Core 3 OpenID Connect / OAuth client 3 content_construction_kit 3 drupal_project_issue_tracking 3 shindig-integrator 3 File Access Fix (deprecated) 2 activity 2 ajax_checklist 2 artificial_intelligence 2 bibliography_module 2 brilliant_gallery 2 chatroom_module 2 civictheme 2 cookies_consent_management 2 custom_search_module 2 data 2 database_administration_module 2 drupal_easylinks_module 2 google_tag 2

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy