The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2024-13284 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. | -- | Jan 9, 2025 | n/a |
CVE-2024-13283 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS). This issue affects Facets: from 0.0.0 before 2.0.9. | -- | Jan 9, 2025 | n/a |
CVE-2024-13282 | Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing. This issue affects Block permissions: from 1.0.0 before 1.2.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13281 | Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13280 | Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13279 | Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13278 | Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13277 | Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13276 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing. This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | -- | Jan 9, 2025 | n/a |
CVE-2024-13275 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS. This issue affects Security Kit: from 0.0.0 before 2.0.3. | -- | Jan 9, 2025 | n/a |
CVE-2024-13274 | Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | -- | Jan 9, 2025 | n/a |
CVE-2024-13273 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS). This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. | -- | Jan 9, 2025 | n/a |
CVE-2024-13272 | Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing. This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13271 | Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing. This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. | -- | Jan 9, 2025 | n/a |
CVE-2024-13270 | Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing. This issue affects Freelinking: from 0.0.0 before 4.0.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13269 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing. This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | -- | Jan 9, 2025 | n/a |
CVE-2024-13268 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion. This issue affects Opigno: from 7.X-1.0 before 7.X-1.23. | -- | Jan 9, 2025 | n/a |
CVE-2024-13267 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion. This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3. | -- | Jan 9, 2025 | n/a |
CVE-2024-13266 | Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | -- | Jan 9, 2025 | n/a |
CVE-2024-13265 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion. This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13264 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion. This issue affects Opigno module: from 0.0.0 before 3.1.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13263 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion. This issue affects Opigno group manager: from 0.0.0 before 3.1.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13262 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS). This issue affects View Password: from 0.0.0 before 6.0.4. | -- | Jan 9, 2025 | n/a |
CVE-2024-13261 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery. This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3. | -- | Jan 9, 2025 | n/a |
CVE-2024-13260 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery. This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13259 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing. This issue affects Image Sizes: from 0.0.0 before 3.0.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13258 | Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | -- | Jan 9, 2025 | n/a |
CVE-2024-13257 | Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | -- | Jan 9, 2025 | n/a |
CVE-2024-13256 | Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing. This issue affects Email Contact: from 0.0.0 before 2.0.4. | -- | Jan 9, 2025 | n/a |
CVE-2024-13255 | Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing. This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | -- | Jan 9, 2025 | n/a |
CVE-2024-13254 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13253 | Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing. This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13252 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13251 | Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13250 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6. | -- | Jan 9, 2025 | n/a |
CVE-2024-13249 | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13248 | Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing. This issue affects Private content: from 0.0.0 before 2.1.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13247 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS). This issue affects Coffee: from 0.0.0 before 1.4.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13246 | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. | -- | Jan 9, 2025 | n/a |
CVE-2024-13245 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS). This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13244 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery. This issue affects Migrate Tools: from 0.0.0 before 6.0.3. | -- | Jan 9, 2025 | n/a |
CVE-2024-13243 | Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. | -- | Jan 9, 2025 | n/a |
CVE-2024-13242 | Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*. | -- | Jan 9, 2025 | n/a |
CVE-2024-13241 | Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5. | -- | Jan 9, 2025 | n/a |
CVE-2024-13240 | Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.05. | -- | Jan 9, 2025 | n/a |
CVE-2024-13239 | Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13238 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS). This issue affects Typogrify: from 0.0.0 before 1.3.0. | -- | Jan 9, 2025 | n/a |
CVE-2024-13237 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS). This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38. | -- | Jan 9, 2025 | n/a |
CVE-2024-13213 | A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | -- | Jan 9, 2025 | n/a |
CVE-2024-13212 | A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | -- | Jan 9, 2025 | n/a |