Skip to main content
CVE-2024-13299 MEDIUM This Month

Vulnerability in Drupal Megamenu Framework.*. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Megamenu Framework Drupal
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-13298 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).0.0 before 2.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tarte Au Citron Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13297 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.X-* before 7.X-1.15. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Eloqua Drupal
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2024-13296 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.0.0 before 4.0.1. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Mailjet Drupal
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-13295 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.X-* before 7.X-3.3. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Node Export Drupal
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-13294 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).0.0 before 1.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post File Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13293 LOW PATCH Monitor

Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.0.0 before 1.0.2. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Post File Drupal
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2024-13292 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).0.0 before 1.1.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tooltip Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13291 HIGH This Month

Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.X-1.0 before 7.X-1.4. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Basic Http Authentication Drupal
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-13290 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.0.0 before 2.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ohdear Integration Drupal
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13289 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).0.0 before 1.0.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cookiebot Gtm Drupal
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-13288 MEDIUM PATCH Monitor

Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.0.0 before 9.3.4, from 9.4.0 before 9.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Monster Menus Drupal
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-56114 MEDIUM POC This Week

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Canlineapp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-56113 HIGH This Month

Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-55494 MEDIUM This Month

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-54762 MEDIUM POC This Month

Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruoyi
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-54761 MEDIUM POC This Month

BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SQLi Bigant Office Messenger 5
NVD GitHub Exploit-DB
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-46505 CRITICAL This Week

Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-42898 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Xi
NVD GitHub
CVSS 3.1
5.4
EPSS
2.8%
CVE-2024-13287 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).0.0 before 1.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Views Svg Animation Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13286 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).0.0 before 2.1.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Svg Embed Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13285 CRITICAL This Week

Vulnerability in Drupal wkhtmltopdf.*. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wkhtmltopdf Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13284 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.0.0 before 2.13.0, from 3.0.0 before 3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gutenberg Drupal
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-13283 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).0.0 before 2.0.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Facets Drupal
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2024-13282 HIGH PATCH This Month

Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.0.0 before 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Block Permissions Drupal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-13281 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.0.0 before 9.3.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Monster Menus Drupal
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-13280 CRITICAL PATCH This Week

Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.0.0 before 1.8.0, from 2.0.* before 2.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Persistent Login Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13279 CRITICAL PATCH This Week

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.0.0 before 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Two Factor Authentication Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13278 CRITICAL PATCH This Week

Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.0.0 before 1.8.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Diff Drupal
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-13277 CRITICAL This Week

Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.X-1.0 before 7.X-1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Ip Ban Drupal
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-13276 HIGH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.X-* before 7.X-2.39. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure File Entity Drupal
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-13275 MEDIUM PATCH This Month

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.0.0 before 2.0.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Security Kit Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13274 MEDIUM PATCH This Month

Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.0.0 before 12.3.8, from 12.4.0 before 12.4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Social Drupal
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-13273 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).0.0 before 12.3.8, from 12.4.0 before. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Social Drupal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-13272 MEDIUM PATCH This Month

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.0.0 before 1.23.0, from 2.0.0 before 2.0.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paragraphs Table Drupal
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-13271 MEDIUM PATCH Monitor

Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.0.0 before 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Content Entity Clone Drupal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13270 MEDIUM PATCH Monitor

Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.0.0 before 4.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Freelinking Drupal
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-13269 MEDIUM PATCH This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.0.0 before 4.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Advanced Varnish Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13268 MEDIUM This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.X-1.0 before 7.X-1.23. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection PHP Opigno Drupal
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-13267 HIGH This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.X-1.0 before 7.X-1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection PHP Tincan Question Type Drupal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13266 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.0.0 before 4.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Responsive And Off Canvas Menu Drupal
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13265 HIGH PATCH This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.0.0 before 3.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection PHP Learning Path Drupal
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-13264 CRITICAL PATCH This Week

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.0.0 before 3.1.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection PHP Opigno Module Drupal
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-13263 MEDIUM PATCH This Month

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.0.0 before 3.1.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Group Manager Drupal
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-13262 MEDIUM PATCH Monitor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).0.0 before 6.0.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS View Password Drupal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-13261 LOW PATCH Monitor

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Dam Drupal
NVD
CVSS 3.1
3.5
EPSS
0.1%
CVE-2024-13260 HIGH PATCH This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.0.0 before 2.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Migrate Queue Importer Drupal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-10215 CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wpbookit
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-22151 LOW PATCH Monitor

Strawberry GraphQL is a library for creating GraphQL APIs. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Privilege Escalation Python Information Disclosure
NVD GitHub
CVSS 3.1
3.7
EPSS
0.2%
CVE-2025-21598 HIGH This Month

An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Juniper Junos Junos Os Evolved
NVD VulDB
CVSS 4.0
8.2
EPSS
0.6%
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy