drupal

509 tracked vulnerabilities.

CVE-2008-0275
Drupal Atom Module < 4.7 - Unauthenticated Unauthorized Access to Syndicated Content
Jan 15, 2008
EPSS 0.00
CVE-2008-0276
Drupal Devel module < 5.x-0.1 - Cross-Site Scripting via Site Variable
Jan 15, 2008
EPSS 0.00
CVE-2008-0277
Drupal Fileshare Module - Authenticated Remote Code Execution
Jan 15, 2008
EPSS 0.01
CVE-2007-6752
Drupal < 7.12 - Cross-Site Request Forgery via User Logout URI
Mar 28, 2012
EPSS 0.02
CVE-2007-6320
Drupal Feature Module 4.7.x-dev and 5.x-dev before 20071206 - Cross-Site Request Forgery
Dec 12, 2007
EPSS 0.00
CVE-2007-6298
Drupal Shoutbox < 5.x-1.1 - Authenticated Cross-Site Scripting via Shoutbox Block Messages
Dec 10, 2007
EPSS 0.00
CVE-2007-6299
Drupal & vbDrupal <4.7.9, 5.x - SQL Injection
Dec 10, 2007
EPSS 0.02
CVE-2007-5621
Token module < 1.4 - Authenticated Cross-Site Scripting via Comments
Oct 22, 2007
EPSS 0.00
CVE-2007-5593
Drupal 5.x < 5.3 - Remote Code Execution via install.php Database Unreachable Vector
Oct 19, 2007
EPSS 0.03
CVE-2007-5594
Drupal 5.x < 5.3 - Cross-Site Request Forgery via User Deletion Form
Oct 19, 2007
EPSS 0.01
CVE-2007-5595
Drupal <4.7.8, <5.3 - CRLF Injection
Oct 19, 2007
EPSS 0.03
CVE-2007-5596
Drupal 4.7.0-4.7.7 - Stored Cross-Site Scripting via HTML File Upload
Oct 19, 2007
EPSS 0.01
CVE-2007-5597
Drupal 4.7.0-4.7.7 - Access Restriction Bypass via hook_comments API
Oct 19, 2007
EPSS 0.01
CVE-2007-5416
Drupal < 5.2 - Remote Code Execution via Callback Parameter Hash Collision
Oct 12, 2007
EPSS 0.05
CVE-2007-5228
Drupal Project Issue Tracking < 4.7.x-1.5/2.5, < 5.x-1.1 - Authenticated XSS via Subscription Form
Oct 05, 2007
EPSS 0.00
CVE-2007-4436
Drupal Project module <5.x-1.0, 4.7.x-2.3, 4.7.x-1.3 - Info Disclosure
Aug 20, 2007
EPSS 0.00
CVE-2007-4363
Drupal CCK <4.7.x-1.6 & 5.x-1.6 - XSS
Aug 15, 2007
EPSS 0.01
CVE-2007-4063
Drupal 5.x < 5.2 - Cross-Site Request Forgery via Forms API
Jul 30, 2007
EPSS 0.01
CVE-2007-4064
Drupal 4.7.x < 4.7.7 and 5.x < 5.2 - Cross-Site Scripting via PHP_SELF and Custom Content Type Names
Jul 30, 2007
EPSS 0.01
CVE-2007-3817
Drupal LoginToboggan Module < 4.7.x-1.0 - Cross-Site Scripting via Crafted Username
Jul 17, 2007
EPSS 0.01
CVE-2007-3818
Drupal LoginToboggan Module < 4.7.x-1.0 - Authenticated Cross-Site Scripting via Login Block Message
Jul 17, 2007
EPSS 0.00
CVE-2007-3689
Drupal Print module <4.7-1.0 & 5.x-1.2 - Info Disclosure
Jul 11, 2007
EPSS 0.01
CVE-2007-3690
Drupal Forward <4.7-1.1 & 5.x-1.0 - Info Disclosure
Jul 11, 2007
EPSS 0.01
CVE-2007-2159
Drupal Database Administration Module 4.6.x-* and 4.7.x-1.* < 4.7.x-1.2 - Cross-Site Scripting
Apr 22, 2007
EPSS 0.00
CVE-2007-2160
Drupal Database Administration Module 4.6.x-* and < 4.7.x-1.2 - Cross-Site Request Forgery
Apr 22, 2007
EPSS 0.01
Products
drupal 273 core 91 core-recommended 6 project_issue_tracking_module 6 Drupal core 5 print 5 aggregation_module 4 ai 4 everyblog 4 project 4 ubercart_module 4 Drupal Core 3 OpenID Connect / OAuth client 3 content_construction_kit 3 drupal_project_issue_tracking 3 shindig-integrator 3 File Access Fix (deprecated) 2 activity 2 ajax_checklist 2 artificial_intelligence 2 bibliography_module 2 brilliant_gallery 2 chatroom_module 2 civictheme 2 cookies_consent_management 2 custom_search_module 2 data 2 database_administration_module 2 drupal_easylinks_module 2 google_tag 2
Quick Filters
Critical CVEs With Exploits In CISA KEV