CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (339475 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-31690	1 Cache Utility Project	1 Cache Utility	2025-09-02	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Cache Utility allows Cross Site Request Forgery.This issue affects Cache Utility: from 0.0.0 before 1.2.1.
CVE-2025-31691	1 Oauth2 Server Project	1 Oauth2 Server	2025-09-02	9.8 Critical
Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.
CVE-2025-31694	1 Two-factor Authentication Project	1 Two-factor Authentication	2025-09-02	8.1 High
Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.
CVE-2025-31695	1 Upstreamable	1 Link Field Display Mode Formatter	2025-09-02	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting (XSS).This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0.
CVE-2025-31696	1 Chapterthree	1 Rapidoc Oas Field Formatter	2025-09-02	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal RapiDoc OAS Field Formatter allows Cross-Site Scripting (XSS).This issue affects RapiDoc OAS Field Formatter: from 0.0.0 before 1.0.1.
CVE-2025-31697	1 Formatter Suite Project	1 Formatter Suite	2025-09-02	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Formatter Suite allows Cross-Site Scripting (XSS).This issue affects Formatter Suite: from 0.0.0 before 2.1.0.
CVE-2025-3059	1 Profile Private Project	1 Profile Private	2025-09-02	5.3 Medium
Vulnerability in Drupal Profile Private.This issue affects Profile Private: ..
CVE-2025-3060	1 Flattern Project	1 Flattern	2025-09-02	6.6 Medium
Vulnerability in Drupal Flattern – Multipurpose Bootstrap Business Profile.This issue affects Flattern – Multipurpose Bootstrap Business Profile: ..
CVE-2025-3061	1 Material Admin Project	1 Material Admin	2025-09-02	6.6 Medium
Vulnerability in Drupal Material Admin.This issue affects Material Admin: ..
CVE-2025-3062	1 Admin Lte Theme Project	1 Admin Lte Theme	2025-09-02	6.6 Medium
Vulnerability in Drupal Drupal Admin LTE theme.This issue affects Drupal Admin LTE theme: ..
CVE-2025-31286	1 Trendmicro	1 Trend Vision One	2025-09-02	4.6 Medium
An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.
CVE-2025-3129	1 Access Code Project	1 Access Code	2025-09-02	4.8 Medium
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.4.
CVE-2024-13290	1 Ohdear	1 Ohdear Integration	2025-09-02	5.3 Medium
Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.
CVE-2024-13291	1 Basic Http Authentication Project	1 Basic Http Authentication	2025-09-02	7.3 High
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4.
CVE-2024-2859	1 Broadcom	1 Brocade Sannav	2025-09-02	6.8 Medium
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
CVE-2024-13292	1 Tooltip Project	1 Tooltip	2025-09-02	4.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2.
CVE-2024-13293	1 Post File Project	1 Post File	2025-09-02	3.1 Low
Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2.
CVE-2024-13294	1 Post File Project	1 Post File	2025-09-02	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2.
CVE-2024-13295	1 Node Export Project	1 Node Export	2025-09-02	6.6 Medium
Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3.
CVE-2024-13298	1 Kleegroup	1 Tarte Au Citron	2025-09-02	4.8 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5.

« first previous Page 2672 of 16974. next last »