Filtered by vendor Drupal
Subscriptions
Total
880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9550 | 1 Drupal | 1 Drupal | 2025-10-21 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. | ||||
| CVE-2025-9551 | 1 Drupal | 1 Drupal | 2025-10-21 | 6.5 Medium |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0. | ||||
| CVE-2025-9549 | 1 Drupal | 1 Drupal | 2025-10-21 | 6.5 Medium |
| Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1. | ||||
| CVE-2025-8093 | 1 Drupal | 1 Drupal | 2025-10-21 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8. | ||||
| CVE-2025-9553 | 1 Drupal | 2 Api Key Manager, Drupal | 2025-10-21 | 5.3 Medium |
| Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*. | ||||
| CVE-2025-7031 | 2 Config Pages Viewer Project, Drupal | 2 Config Pages Viewer, Drupal | 2025-09-04 | 5.3 Medium |
| Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4. | ||||
| CVE-2025-7030 | 2 Drupal, Two-factor Authentication Project | 2 Drupal, Two-factor Authentication | 2025-09-04 | 6.5 Medium |
| Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0. | ||||
| CVE-2013-4230 | 2 Drupal, Monster Menus Project | 2 Drupal, Monster Menus | 2025-08-27 | N/A |
| The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. | ||||
| CVE-2013-4504 | 2 Drupal, Monster Menus Project | 2 Drupal, Monster Menus | 2025-08-27 | N/A |
| The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | ||||
| CVE-2013-4229 | 2 Drupal, Monster Menus Project | 2 Drupal, Monster Menus | 2025-08-27 | N/A |
| Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. | ||||
| CVE-2015-8095 | 2 Drupal, Monster Menus Project | 2 Drupal, Monster Menus | 2025-08-27 | N/A |
| The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern. | ||||
| CVE-2025-8996 | 2 Drupal, Layout Builder Advanced Permissions Project | 2 Drupal, Layout Builder Advanced Permissions | 2025-08-21 | 4.3 Medium |
| Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0. | ||||
| CVE-2025-8995 | 2 Authenticator Login Project, Drupal | 2 Authenticator Login, Drupal | 2025-08-21 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4. | ||||
| CVE-2025-8675 | 2 Ai Seo Link Advisor Project, Drupal | 2 Ai Seo Link Advisor, Drupal | 2025-08-21 | 4.7 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery.This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6. | ||||
| CVE-2025-8092 | 2 Cookies Consent Management Project, Drupal | 2 Cookies Consent Management, Cookies Consent Management | 2025-08-21 | 7.6 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.16. | ||||
| CVE-2025-8361 | 2 Config Pages Project, Drupal | 2 Config Pages, Drupal | 2025-08-21 | 7.6 High |
| Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0. | ||||
| CVE-2025-8362 | 2 Drupal, Googletag Manager Project | 2 Drupal, Googletag Manager | 2025-08-21 | 4.3 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0. | ||||
| CVE-2025-6675 | 2 Drupal, Miniorange | 2 Drupal, Miniorange 2fa | 2025-07-14 | 4.8 Medium |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*. | ||||
| CVE-2024-22362 | 1 Drupal | 1 Drupal | 2025-06-20 | 7.5 High |
| Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. | ||||
| CVE-2025-48915 | 1 Drupal | 1 Cookies Consent Management | 2025-06-18 | 8.6 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15. | ||||