Found 33 results in 42ms · Match type: Filtered list

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-9082 critical 9.8 10.0 KEV EXP drupal 14d ago Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
CVE-2017-6919 high 7.5 7.5 drupal 9y ago Drupal access control bypass vulnerability
CVE-2017-6381 high 8.1 8.1 drupal 9y ago Drupal Remote code execution
CVE-2017-6379 high 7.5 7.5 drupal 9y ago Drupal Cross-Site Request Forgery (CSRF)
CVE-2017-6377 high 7.5 7.5 drupal 9y ago Drupal editor module incorrectly checks access to inline private files
CVE-2016-9450 high 7.5 7.5 FIX arch drupal 10y ago Drupal Incorrect cache context on password reset page
CVE-2016-6211 high 8.8 8.8 debian drupal 10y ago Drupal Saving user accounts can sometimes grant the user all roles
CVE-2016-5385 high 8.1 8.1 sles fedora suse oracle hp php 10y ago HTTP Proxy header vulnerability
CVE-2016-3171 high 8.1 8.1 debian php drupal 10y ago Drupal arbitrary code execution
CVE-2016-3169 high 8.1 8.1 debian drupal 10y ago Drupal saving user accounts can sometimes grant the user all roles
CVE-2016-3167 high 7.4 7.4 debian php drupal 10y ago Drupal Open redirect vulnerability in the drupal_goto function
CVE-2016-3165 high 7.5 7.5 drupal 10y ago Drupal Form API ignores access restrictions on submit buttons
CVE-2016-3164 high 7.4 7.4 debian drupal 10y ago Drupal Open Redirect
CVE-2016-3163 high 7.5 7.5 debian drupal 10y ago Drupal Brute force amplification attacks via XML-RPC
CVE-2016-3162 high 8.1 8.1 debian drupal 10y ago Drupal File upload access bypass and denial of service
CVE-2015-6659 high 7.5 drupal 11y ago SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.
CVE-2014-3704 high 8.5 EXP debian drupal 12y ago The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection att…
CVE-2014-1475 high 7.5 drupal 13y ago The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
CVE-2013-2247 high 7.5 fast_permissions_administration_project drupal 13y ago The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers …
CVE-2013-0318 critical 10.0 banckle_chat_project drupal 13y ago The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors.
CVE-2012-5590 high 7.5 scripthead drupal 14y ago SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5550 high 7.5 carlos_carvalhar drupal 14y ago SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-4479 high 7.5 david_alkire drupal 14y ago SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-4470 high 7.5 philip_ludlam drupal 14y ago The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have…
CVE-2012-4498 high 7.5 morbus_iff drupal 14y ago The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly h…
CVE-2012-2306 high 7.5 willem_van_der_plaat drupal 14y ago SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2303 high 7.5 florian_weber drupal 14y ago The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via…
CVE-2012-2730 high 7.5 alexis_wilke drupal 14y ago The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass …
CVE-2012-2718 high 7.5 drupal-id drupal 14y ago SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
CVE-2011-4113 high 7.5 earl_miles drupal 15y ago SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of view…
CVE-2011-2687 high 7.5 drupal 15y ago Drupal Access Control Bypass
CVE-2011-1663 high 7.5 icanlocalize drupal 15y ago SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-3423 high 7.5 freka drupal 16y ago SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.