VYPR

Vendor CVEs

Drupal

All CVEs

1,207 total · sorted by risk
  • CVE-2025-6675Jun 26, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0…

  • CVE-2025-6674Jun 26, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3.

  • CVE-2025-5682Jun 26, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.7.

  • CVE-2025-48922Jun 26, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16.

  • CVE-2025-48923Jun 26, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1.

  • CVE-2025-48915Jun 13, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.

  • CVE-2025-48914Jun 13, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.

  • CVE-2025-48919Jun 13, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0.

  • CVE-2025-48918Jun 13, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0.

  • CVE-2025-48916Jun 13, 2025
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.

  • CVE-2025-48448Jun 11, 2025
    risk 0.00cvss epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.

  • CVE-2025-48446Jun 11, 2025
    risk 0.00cvss epss 0.00

    Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.

  • CVE-2025-48445Jun 11, 2025
    risk 0.00cvss epss 0.00

    Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.

  • CVE-2025-48013Jun 11, 2025
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

  • CVE-2025-48444Jun 11, 2025
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.

  • CVE-2025-48012May 21, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.

  • CVE-2025-48011May 21, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.

  • CVE-2025-48010May 21, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.

  • CVE-2025-48009May 21, 2025
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse.This issue affects Single Content Sync: from 0.0.0 before 1.4.12.

  • CVE-2025-4416May 21, 2025
    risk 0.00cvss epss 0.00

    Allocation of Resources Without Limits or Throttling vulnerability in Drupal Events Log Track allows Excessive Allocation.This issue affects Events Log Track: from 0.0.0 before 3.1.11, from 4.0.0 before 4.0.2.

  • CVE-2025-4415May 21, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2.

  • CVE-2025-47710May 14, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

  • CVE-2025-47709May 14, 2025
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

  • CVE-2025-47708May 14, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

  • CVE-2025-47707May 14, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

  • CVE-2025-47706May 14, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

  • CVE-2025-47705May 14, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 2.0.0 before 2.0.5, from 7.X-1.0 through 7.X-1.5, from 1.0 through…

  • CVE-2025-47704May 14, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Klaro Cookie & Consent Management allows Cross-Site Scripting (XSS).This issue affects Klaro Cookie & Consent Management: from 0.0.0 before 3.0.5.

  • CVE-2025-47703May 14, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14.

  • CVE-2025-47702May 14, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2.

  • CVE-2025-47701May 14, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery.This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.

  • CVE-2025-3907Apr 23, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Search API Solr allows Cross Site Request Forgery.This issue affects Search API Solr: from 0.0.0 before 4.3.9.

  • CVE-2025-3904Apr 23, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Sportsleague.This issue affects Sportsleague: *.*.

  • CVE-2025-3903Apr 23, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal UEditor - 百度编辑器.This issue affects UEditor - 百度编辑器: *.*.

  • CVE-2025-3901Apr 23, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Bootstrap Site Alert allows Cross-Site Scripting (XSS).This issue affects Bootstrap Site Alert: from 0.0.0 before 1.13.0, from 3.0.0 before 3.0.4.

  • CVE-2025-3900Apr 23, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.

  • CVE-2025-3739Apr 16, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Drupal 8 Google Optimize Hide Page.This issue affects Drupal 8 Google Optimize Hide Page: *.*.

  • CVE-2025-3738Apr 16, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Google Optimize.This issue affects Google Optimize: *.*.

  • CVE-2025-3737Apr 16, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Google Maps: Store Locator.This issue affects Google Maps: Store Locator: *.*.

  • CVE-2025-3736Apr 16, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Simple GTM.This issue affects Simple GTM: *.*.

  • CVE-2025-3735Apr 16, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Panelizer (obsolete).This issue affects Panelizer (obsolete): *.*.

  • CVE-2025-3733Apr 16, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal baguetteBox.Js allows Cross-Site Scripting (XSS).This issue affects baguetteBox.Js: from 0.0.0 before 2.0.4, from 3.0.0 before 3.0.1.

  • CVE-2025-3131Apr 9, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*.

  • CVE-2025-3475Apr 9, 2025
    risk 0.00cvss epss 0.00

    Allocation of Resources Without Limits or Throttling, Incorrect Authorization vulnerability in Drupal WEB-T allows Excessive Allocation, Content Spoofing.This issue affects WEB-T: from 0.0.0 before 1.1.0.

  • CVE-2025-3130Apr 2, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1.

  • CVE-2025-3129Apr 2, 2025
    risk 0.00cvss epss 0.00

    Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4.

  • CVE-2025-3062Mar 31, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: *.*.

  • CVE-2025-3061Mar 31, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Material Admin.This issue affects Material Admin: *.*.

  • CVE-2025-3060Mar 31, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: *.*.

  • CVE-2025-3059Mar 31, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal Profile Private.This issue affects Profile Private: *.*.

Page 4 of 25