CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-13280	Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044 Description: Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13279	Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043 Description: Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13278	Diff - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-042 Description: Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13277	Smart IP Ban - Critical - Access bypass - SA-CONTRIB-2024-041 Description: Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13276	File Entity (fieldable files) - Moderately critical - Information Disclosure - SA-CONTRIB-2024-040 Description: Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13275	Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039 Description: Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13274	Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038 Description: Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13273	Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13272	Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036 Description: Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13271	Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035 Description: Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)