Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-13275 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3. | 5.3 | 0.36% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13276 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | 7.5 | 0.36% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13277 | Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | 9.1 | 0.34% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13278 | Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. | 9.1 | 0.34% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13279 | Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. | 9.8 | 0.44% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13280 | Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. | 9.8 | 0.39% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13281 | Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. | 9.1 | 0.34% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13282 | Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0. | 8.8 | 0.33% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13283 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9. | 6.1 | 0.18% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13284 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. | 8.8 | 0.17% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13285 | Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*. | 9.8 | 0.43% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13286 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2. | 5.4 | 0.23% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13287 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).This issue affects Views SVG Animation: from 0.0.0 before 1.0.1. | 5.4 | 0.23% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13288 | Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. | 4.3 | 0.33% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13289 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18. | 5.4 | 0.29% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13290 | Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | 5.3 | 0.25% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13291 | Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | 7.3 | 0.31% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13292 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2. | 4.8 | 0.19% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13293 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2. | 3.1 | 0.13% | 2025-01-09 | 2026-06-17 |
| CVE-2024-13294 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2. | 5.4 | 0.22% | 2025-01-09 | 2026-06-17 |