Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2024-13258

    Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13.

    Affected Products : rest_\&_json_api_authentication
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 5.3

    MEDIUM
    CVE-2024-13257

    Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3.

    Affected Products : commerce_view_receipt
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-13256

    Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing. This issue affects Email Contact: from 0.0.0 before 2.0.4.

    Affected Products : email_contact
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-13255

    Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing. This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.

    Affected Products : restful_web_services
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-13254

    Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1.

    Affected Products : rest_views
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Information Disclosure
  • 9.1

    CRITICAL
    CVE-2024-13253

    Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing. This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0.

    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 5.4

    MEDIUM
    CVE-2024-13252

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0.

    Affected Products : tacjs
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-13251

    Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1.

    Affected Products : registration_role
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 8.8

    HIGH
    CVE-2024-13250

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6.

    Affected Products : drupal_symfony_mailer_lite
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 5.4

    MEDIUM
    CVE-2024-13249

    Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2.

    Affected Products : node_access_rebuild_progressive
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration
  • 5.5

    MEDIUM
    CVE-2024-13248

    Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing. This issue affects Private content: from 0.0.0 before 2.1.0.

    Affected Products : private_content
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 4.8

    MEDIUM
    CVE-2024-13247

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS). This issue affects Coffee: from 0.0.0 before 1.4.0.

    Affected Products : coffee
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Scripting
  • 5.3

    MEDIUM
    CVE-2024-13246

    Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2.

    Affected Products : node_access_rebuild_progressive
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration
  • 5.4

    MEDIUM
    CVE-2024-13245

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS). This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before ...

    Affected Products : ckeditor_4
    • Published: Jan. 09, 2025
    • Modified: Jul. 07, 2025
    • Vuln Type: Cross-Site Scripting
  • 8.8

    HIGH
    CVE-2024-13244

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery. This issue affects Migrate Tools: from 0.0.0 before 6.0.3.

    Affected Products : migrate_tools
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Cross-Site Request Forgery
  • 6.5

    MEDIUM
    CVE-2024-13243

    Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1.

    Affected Products : entity_delete_log
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 9.1

    CRITICAL
    CVE-2024-13242

    Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*.

    Affected Products : swift_mailer
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Misconfiguration
  • 9.1

    CRITICAL
    CVE-2024-13241

    Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5.

    Affected Products : open_social
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 7.5

    HIGH
    CVE-2024-13240

    Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.05.

    Affected Products : open_social
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authorization
  • 9.8

    CRITICAL
    CVE-2024-13239

    Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.

    Affected Products : two-factor_authentication
    • Published: Jan. 09, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Authentication
Showing 20 of 293425 Results