VYPR

Vendor CVEs

Drupal

All CVEs

1,207 total · sorted by risk
  • CVE-2024-13266Jan 9, 2025
    risk 0.00cvss epss 0.00

    Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4.

  • CVE-2024-13265Jan 9, 2025
    risk 0.00cvss epss 0.01

    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2.

  • CVE-2024-13264Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2.

  • CVE-2024-13263Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1.

  • CVE-2024-13262Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).This issue affects View Password: from 0.0.0 before 6.0.4.

  • CVE-2024-13260Jan 9, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1.

  • CVE-2024-13259Jan 9, 2025
    risk 0.00cvss epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2.

  • CVE-2024-13258Jan 9, 2025
    risk 0.00cvss epss 0.01

    Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13.

  • CVE-2024-13257Jan 9, 2025
    risk 0.00cvss epss 0.00

    Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3.

  • CVE-2024-13256Jan 9, 2025
    risk 0.00cvss epss 0.00

    Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4.

  • CVE-2024-13254Jan 9, 2025
    risk 0.00cvss epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.

  • CVE-2024-13253Jan 9, 2025
    risk 0.00cvss epss 0.00

    Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0.

  • CVE-2024-13252Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).This issue affects TacJS: from 0.0.0 before 6.5.0.

  • CVE-2024-13251Jan 9, 2025
    risk 0.00cvss epss 0.00

    Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1.

  • CVE-2024-13250Jan 9, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6.

  • CVE-2024-13249Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2.

  • CVE-2024-13247Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).This issue affects Coffee: from 0.0.0 before 1.4.0.

  • CVE-2024-13246Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2.

  • CVE-2024-13244Jan 9, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3.

  • CVE-2024-13243Jan 9, 2025
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1.

  • CVE-2024-13242Jan 9, 2025
    risk 0.00cvss epss 0.00

    Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*.

  • CVE-2024-13239Jan 9, 2025
    risk 0.00cvss epss 0.01

    Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

  • CVE-2024-13238Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0.

  • CVE-2024-13237Jan 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38.

  • CVE-2024-55637Dec 9, 2024
    risk 0.00cvss epss 0.01

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure…

  • CVE-2024-55636Dec 9, 2024
    risk 0.00cvss epss 0.01

    Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure…

  • CVE-2024-55635Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.

  • CVE-2024-55634Dec 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

  • CVE-2024-12393Dec 9, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

  • CVE-2024-11942Dec 5, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

  • CVE-2024-11941Dec 5, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.

  • CVE-2024-6632Aug 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability.

  • CVE-2024-34481Jul 5, 2024
    risk 0.00cvss epss 0.01

    drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page.

  • CVE-2024-24304Feb 7, 2024
    risk 0.00cvss epss 0.01

    In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction.

  • CVE-2024-22362Jan 16, 2024
    risk 0.00cvss epss 0.01

    Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

  • CVE-2023-33457Jun 6, 2023
    risk 0.00cvss epss 0.01

    In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.

  • CVE-2018-25085May 1, 2023
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation…

  • CVE-2008-10004Mar 6, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack…

  • CVE-2012-10004Jan 11, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the…

  • CVE-2022-45073Nov 18, 2022
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentication plugin <= 2.4.0 on WordPress.

  • CVE-2022-3631Nov 14, 2022
    risk 0.00cvss epss 0.01

    The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

  • CVE-2021-41181Mar 8, 2022
    risk 0.00cvss epss 0.00

    Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone…

  • CVE-2020-13673Feb 11, 2022
    risk 0.00cvss epss 0.00

    The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this…

  • CVE-2021-25024Jan 17, 2022
    risk 0.00cvss epss 0.01

    The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues

  • CVE-2021-25025Jan 17, 2022
    risk 0.00cvss epss 0.00

    The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

  • CVE-2021-39222Nov 15, 2021
    risk 0.00cvss epss 0.01

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the…

  • CVE-2021-32689Jul 12, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in…

  • CVE-2021-35970Jun 30, 2021
    risk 0.00cvss epss 0.02

    Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

  • CVE-2021-32676Jun 16, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk…

  • CVE-2020-13688Jun 11, 2021
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X…

Page 6 of 25