Search

Found 5 results in 351ms · Match type: Filtered list

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-9082	critical	9.8	10.0	KEVEXP		drupal	15d ago	Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
CVE-2014-9016	medium	—	6.0	EXP	debian	drupalsecure_password_hashes_project	12y ago	The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m…
CVE-2014-5266	medium	—	6.0	EXPFIX	debian	wordpressdrupal	12y ago	The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote atta…
CVE-2012-4554	medium	—	6.0	EXP		drupal	14y ago	The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
CVE-2007-6752	medium	—	7.8	EXP		drupal	14y ago	Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout …