Filters
Software
drupal drupal
89
drupal everyblog
3
drupal chatroom module
2
drupal shindig-integrator
2
drupal activity
1
drupal aggregation module
1
drupal audio module
1
drupal avatar uploader
1
drupal bibliography module
1
drupal brilliant gallery
1
drupal core
1
drupal database administration module
1
drupal drupal core
1
drupal drupal easylinks module
1
drupal drupal pubcookie module
1
drupal extended tracker
1
drupal fileshare module
1
drupal form mail module
1
drupal forward module
1
drupal getid3
1
drupal help tip module
1
drupal job search
1
drupal magic tabs module
1
drupal mailhandler
1
drupal mediafield module
1
drupal nodeaccess userreference
1
drupal print module
1
drupal project
1
drupal project issue tracking module
1
drupal secure site module
1
drupal svg sanitizer
1
drupal trailscout module
1
drupal views
1
drupal-id counter module
1
composer/drupal/coreDrupal contains a vulnerability with improper handling of structural elements. If this vulnerability…
7.5
EPSS
0.05%
First published (updated )
Drupal DrupalDrupal core - Critical - Cache poisoning - SA-CORE-2023-006
7.5
First published (updated )
Symfony TwigTwig may load a template outside a configured directory when using the filesystem loader
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/drupal/coreDrupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
7.5
First published (updated )
Drupal DrupalFailure to strip the Cookie header on change in host or HTTP downgrade in Guzzle
7.5
First published (updated )
Drupal DrupalFix failure to strip Authorization header on HTTP downgrade in Guzzle
7.5
First published (updated )
composer/guzzlehttp/guzzleCross-domain cookie leakage in Guzzle
8.1
First published (updated )
composer/guzzlehttp/psr7Improper Input Validation in guzzlehttp/psr7
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Oracle Financial Services Analytical Applications InfrastructureRegular expression Denial of Service in dialog plugin
7.5
First published (updated )
composer/drupal/coreUnder some circumstances, the Drupal core JSON:API module does not properly restrict access to certa…
7.5
First published (updated )
Oracle Banking ApisHTML comments vulnerability allowing to execute JavaScript code
8.2
First published (updated )
Oracle Banking ApisAdvanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
8.2
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Oracle Primavera GatewayXSS in `*Text` options of the Datepicker widget
7.2
First published (updated )
Oracle Primavera UnifierXSS in the `of` option of the `.position()` util
7.2
First published (updated )
Oracle Primavera UnifierXSS in the `altField` option of the Datepicker widget
7.2
First published (updated )
Fedoraproject FedoraPEAR Archive_Tar Improper Link Resolution Vulnerability
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
First published (updated )
composer/drupal/coreDrupal core Un-restricted Upload of File
First published (updated )
composer/drupal/coreDrupal core - Moderately critical - Information disclosure - SA-CORE-2020-011
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Fedoraproject FedoraAn access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability …
7.5
First published (updated )
Drupal Svg SanitizerA Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drup…
7.5
First published (updated )
SensioLabs SymfonyCVE-2019-10911: Add a separator in the remember me cookie hash
7.5
First published (updated )
Oracle Application Testing SuiteXSS, Input Validation
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/drupal/coreDrupal Core Remote Code Execution Vulnerability
First published (updated )
composer/drupal/drupalthird-party PEAR Archive_Tar library updates
8
First published (updated )
composer/drupal/drupalLanguage fallback can be incorrect on multilingual sites with node access restrictions.
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
composer/drupal/coreREST API can bypass comment approval.
7.4
First published (updated )
Drupal DrupalEditor module incorrectly checks access to inline private files
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalIncorrect cache context on password reset page
7.5
First published (updated )
Drupal DrupalSaving user accounts can sometimes grant the user all roles
8.8
First published (updated )
Drupal DrupalBrute force amplification attacks via XML-RPC
7.5
First published (updated )
Drupal DrupalForm API ignores access restrictions on submit buttons
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Drupal DrupalOpen redirect via double-encoded 'destination' parameter
7.4
First published (updated )
Drupal DrupalFile upload access bypass and denial of service
8.1
First published (updated )
Drupal DrupalSaving user accounts can sometimes grant the user all roles
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.