Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-13255 | Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | 7.5 | 0.49% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13256 | Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4. | 7.5 | 0.39% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13257 | Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | 5.3 | 0.27% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13258 | Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | 9.8 | 0.58% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13259 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2. | 7.5 | 0.52% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13260 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | 8.8 | 0.19% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13261 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3. | 3.5 | 0.06% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13262 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).This issue affects View Password: from 0.0.0 before 6.0.4. | 4.8 | 0.26% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13263 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1. | 5.5 | 0.25% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13264 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2. | 9.8 | 0.45% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13265 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. | 7.5 | 0.54% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13266 | Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | 5.3 | 0.33% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13267 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3. | 7.5 | 0.54% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13268 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23. | 6.8 | 0.45% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13269 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | 5.3 | 0.35% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13270 | Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1. | 4.3 | 0.30% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13271 | Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. | 4.3 | 0.30% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13272 | Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | 6.3 | 0.23% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13273 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. | 5.4 | 0.15% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13274 | Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | 5.3 | 0.36% | 2025-01-09 | 2026-06-17 |