Total: 309352 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-13303 | 1 Download All Files Project | 1 Download All Files | 2025-09-02 | N/A | 5.3 MEDIUM |
Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing. This issue affects Download All Files: from 0.0.0 before 2.0.2. | |||||
CVE-2024-13310 | 1 Git Utilities Project | 1 Git Utilities | 2025-09-02 | N/A | 6.5 MEDIUM |
Vulnerability in Drupal Git Utilities for Drupal. This issue affects Git Utilities for Drupal: *.*. | |||||
CVE-2024-13311 | 1 Allow All File Extensions For File Fields Project | 1 Allow All File Extensions For File Fields | 2025-09-02 | N/A | 7.3 HIGH |
Vulnerability in Drupal Allow All File Extensions for file fields. This issue affects Allow All File Extensions for file fields: *.*. | |||||
CVE-2024-13275 | 1 Security Kit Project | 1 Security Kit | 2025-09-02 | N/A | 5.3 MEDIUM |
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS. This issue affects Security Kit: from 0.0.0 before 2.0.3. | |||||
CVE-2024-13276 | 1 File Entity Project | 1 File Entity | 2025-09-02 | N/A | 7.5 HIGH |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing. This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | |||||
CVE-2024-13277 | 1 Smart Ip Ban Project | 1 Smart Ip Ban | 2025-09-02 | N/A | 9.1 CRITICAL |
Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | |||||
CVE-2024-13278 | 1 Diff Project | 1 Diff | 2025-09-02 | N/A | 9.1 CRITICAL |
Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0. | |||||
CVE-2024-13279 | 1 Two-factor Authentication Project | 1 Two-factor Authentication | 2025-09-02 | N/A | 9.8 CRITICAL |
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. | |||||
CVE-2024-13280 | 1 Persistent Login Project | 1 Persistent Login | 2025-09-02 | N/A | 9.8 CRITICAL |
Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. | |||||
CVE-2024-13281 | 1 Monster Menus Project | 1 Monster Menus | 2025-09-02 | N/A | 9.1 CRITICAL |
Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2. | |||||
CVE-2024-13282 | 1 Block Permissions Project | 1 Block Permissions | 2025-09-02 | N/A | 8.8 HIGH |
Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing. This issue affects Block permissions: from 1.0.0 before 1.2.0. | |||||
CVE-2024-13283 | 1 Facets Project | 1 Facets | 2025-09-02 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS). This issue affects Facets: from 0.0.0 before 2.0.9. | |||||
CVE-2024-13284 | 1 Drupalgutenberg | 1 Gutenberg | 2025-09-02 | N/A | 8.8 HIGH |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. | |||||
CVE-2024-13285 | 1 Wkhtmltopdf | 1 Wkhtmltopdf | 2025-09-02 | N/A | 9.8 CRITICAL |
Vulnerability in Drupal wkhtmltopdf. This issue affects wkhtmltopdf: *.*. | |||||
CVE-2024-13286 | 1 Svg Embed Project | 1 Svg Embed | 2025-09-02 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS). This issue affects SVG Embed: from 0.0.0 before 2.1.2. | |||||
CVE-2024-13287 | 1 Views Svg Animation Project | 1 Views Svg Animation | 2025-09-02 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS). This issue affects Views SVG Animation: from 0.0.0 before 1.0.1. | |||||
CVE-2024-13288 | 1 Monster Menus Project | 1 Monster Menus | 2025-09-02 | N/A | 4.3 MEDIUM |
Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection. This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. | |||||
CVE-2024-13289 | 1 Usercentrics | 1 Cookiebot + Gtm | 2025-09-02 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS). This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18. | |||||
CVE-2025-9250 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-9251 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. |