Vendor CVEs
Drupal
All CVEs
1,207 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-13266 | 0.00 | — | 0.00 | Jan 9, 2025 | Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | |||
| CVE-2024-13265 | 0.00 | — | 0.01 | Jan 9, 2025 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion. This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. | |||
| CVE-2024-13264 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion. This issue affects Opigno module: from 0.0.0 before 3.1.2. | |||
| CVE-2024-13263 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion. This issue affects Opigno group manager: from 0.0.0 before 3.1.1. | |||
| CVE-2024-13262 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS). This issue affects View Password: from 0.0.0 before 6.0.4. | |||
| CVE-2024-13260 | 0.00 | — | 0.00 | Jan 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery. This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | |||
| CVE-2024-13259 | 0.00 | — | 0.00 | Jan 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing. This issue affects Image Sizes: from 0.0.0 before 3.0.2. | |||
| CVE-2024-13258 | 0.00 | — | 0.01 | Jan 9, 2025 | Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | |||
| CVE-2024-13257 | 0.00 | — | 0.00 | Jan 9, 2025 | Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | |||
| CVE-2024-13256 | 0.00 | — | 0.00 | Jan 9, 2025 | Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing. This issue affects Email Contact: from 0.0.0 before 2.0.4. | |||
| CVE-2024-13254 | 0.00 | — | 0.00 | Jan 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1. | |||
| CVE-2024-13253 | 0.00 | — | 0.00 | Jan 9, 2025 | Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing. This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | |||
| CVE-2024-13252 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0. | |||
| CVE-2024-13251 | 0.00 | — | 0.00 | Jan 9, 2025 | Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1. | |||
| CVE-2024-13250 | 0.00 | — | 0.00 | Jan 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6. | |||
| CVE-2024-13249 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. | |||
| CVE-2024-13247 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS). This issue affects Coffee: from 0.0.0 before 1.4.0. | |||
| CVE-2024-13246 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. | |||
| CVE-2024-13244 | 0.00 | — | 0.00 | Jan 9, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery. This issue affects Migrate Tools: from 0.0.0 before 6.0.3. | |||
| CVE-2024-13243 | 0.00 | — | 0.00 | Jan 9, 2025 | Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. | |||
| CVE-2024-13242 | 0.00 | — | 0.00 | Jan 9, 2025 | Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*. | |||
| CVE-2024-13239 | 0.00 | — | 0.01 | Jan 9, 2025 | Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | |||
| CVE-2024-13238 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS). This issue affects Typogrify: from 0.0.0 before 1.3.0. | |||
| CVE-2024-13237 | 0.00 | — | 0.00 | Jan 9, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS). This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38. | |||
| CVE-2024-55637 | 0.00 | — | 0.01 | Dec 9, 2024 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure… | |||
| CVE-2024-55636 | 0.00 | — | 0.01 | Dec 9, 2024 | Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure… | |||
| CVE-2024-55635 | 0.00 | — | 0.00 | Dec 9, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102. | |||
| CVE-2024-55634 | 0.00 | — | 0.00 | Dec 9, 2024 | A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | |||
| CVE-2024-12393 | 0.00 | — | 0.00 | Dec 9, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | |||
| CVE-2024-11942 | 0.00 | — | 0.00 | Dec 5, 2024 | A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10. | |||
| CVE-2024-11941 | 0.00 | — | 0.00 | Dec 5, 2024 | A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. | |||
| CVE-2024-6632 | 0.00 | — | 0.01 | Aug 27, 2024 | A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability. | |||
| CVE-2024-34481 | 0.00 | — | 0.01 | Jul 5, 2024 | drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page. | |||
| CVE-2024-24304 | 0.00 | — | 0.01 | Feb 7, 2024 | In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. | |||
| CVE-2024-22362 | 0.00 | — | 0.01 | Jan 16, 2024 | Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. | |||
| CVE-2023-33457 | 0.00 | — | 0.01 | Jun 6, 2023 | In Sogou Workflow v0.10.6, a memcpy with a negative size in URIParser::parse may cause a buffer overflow and crash. | |||
| CVE-2018-25085 | 0.00 | — | 0.00 | May 1, 2023 | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation… | |||
| CVE-2008-10004 | 0.00 | — | 0.01 | Mar 6, 2023 | A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack… | |||
| CVE-2012-10004 | 0.00 | — | 0.01 | Jan 11, 2023 | A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the… | |||
| CVE-2022-45073 | 0.00 | — | 0.00 | Nov 18, 2022 | Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress. | |||
| CVE-2022-3631 | 0.00 | — | 0.01 | Nov 14, 2022 | The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for… | |||
| CVE-2021-41181 | 0.00 | — | 0.00 | Mar 8, 2022 | Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone… | |||
| CVE-2020-13673 | 0.00 | — | 0.00 | Feb 11, 2022 | The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this… | |||
| CVE-2021-25024 | 0.00 | — | 0.01 | Jan 17, 2022 | The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues | |||
| CVE-2021-25025 | 0.00 | — | 0.00 | Jan 17, 2022 | The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events | |||
| CVE-2021-39222 | 0.00 | — | 0.01 | Nov 15, 2021 | Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the… | |||
| CVE-2021-32689 | 0.00 | — | 0.01 | Jul 12, 2021 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in… | |||
| CVE-2021-35970 | 0.00 | — | 0.02 | Jun 30, 2021 | Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. | |||
| CVE-2021-32676 | 0.00 | — | 0.01 | Jun 16, 2021 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk… | |||
| CVE-2020-13688 | 0.00 | — | 0.01 | Jun 11, 2021 | Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X… |