Filtered by vendor Drupal
Subscriptions
Filtered by product Drupal
Subscriptions
Total
729 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6659 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | ||||
| CVE-2016-9452 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL. | ||||
| CVE-2016-3163 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. | ||||
| CVE-2016-6211 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| The User module in Drupal 7.x before 7.44 allows remote authenticated users to gain privileges via vectors involving contributed or custom code that triggers a rebuild of the user profile form. | ||||
| CVE-2014-5266 | 3 Debian, Drupal, Wordpress | 3 Debian Linux, Drupal, Wordpress | 2025-04-12 | N/A |
| The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265. | ||||
| CVE-2014-5022 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field. | ||||
| CVE-2014-5267 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document. | ||||
| CVE-2013-7302 | 2 Drupal, Ubercart | 2 Drupal, Ubercart | 2025-04-12 | N/A |
| Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote attackers to hijack web sessions by leveraging knowledge of the original session ID. | ||||
| CVE-2014-5021 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label. | ||||
| CVE-2013-4380 | 2 Drupal, Mediafront | 2 Drupal, Mediafront | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings. | ||||
| CVE-2013-4498 | 2 Drupal, Florian Weber | 2 Drupal, Spaces | 2025-04-12 | N/A |
| The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content. | ||||
| CVE-2013-4177 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-12 | N/A |
| The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors. | ||||
| CVE-2013-1946 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2025-04-12 | N/A |
| The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache." | ||||
| CVE-2013-4178 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-12 | N/A |
| The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password (OTP). | ||||
| CVE-2013-4502 | 2 Drupal, Nathan Haug | 2 Drupal, Filefield Sources | 2025-04-12 | N/A |
| The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file. | ||||
| CVE-2015-3232 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter. | ||||
| CVE-2016-7570 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes. | ||||
| CVE-2012-2075 | 2 Drupal, Steindom | 2 Drupal, Contact Save | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2012-2074 | 2 Drupal, Ubercart Views Project | 2 Drupal, Uc Views | 2025-04-11 | N/A |
| Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| CVE-2012-2076 | 2 Drupal, Rob Loach | 2 Drupal, Sharethis | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors. | ||||