CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 101120 of 364 results
«« First « Prev Page 6 / 19 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2024-13275 Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3. 5.3 0.36% 2025-01-09 2026-06-17
CVE-2024-13276 Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. 7.5 0.36% 2025-01-09 2026-06-17
CVE-2024-13277 Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. 9.1 0.34% 2025-01-09 2026-06-17
CVE-2024-13278 Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. 9.1 0.34% 2025-01-09 2026-06-17
CVE-2024-13279 Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. 9.8 0.44% 2025-01-09 2026-06-17
CVE-2024-13280 Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. 9.8 0.39% 2025-01-09 2026-06-17
CVE-2024-13281 Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. 9.1 0.34% 2025-01-09 2026-06-17
CVE-2024-13282 Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0. 8.8 0.33% 2025-01-09 2026-06-17
CVE-2024-13283 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9. 6.1 0.18% 2025-01-09 2026-06-17
CVE-2024-13284 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. 8.8 0.17% 2025-01-09 2026-06-17
CVE-2024-13285 Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*. 9.8 0.43% 2025-01-09 2026-06-17
CVE-2024-13286 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2. 5.4 0.23% 2025-01-09 2026-06-17
CVE-2024-13287 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).This issue affects Views SVG Animation: from 0.0.0 before 1.0.1. 5.4 0.23% 2025-01-09 2026-06-17
CVE-2024-13288 Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. 4.3 0.33% 2025-01-09 2026-06-17
CVE-2024-13289 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18. 5.4 0.29% 2025-01-09 2026-06-17
CVE-2024-13290 Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. 5.3 0.25% 2025-01-09 2026-06-17
CVE-2024-13291 Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. 7.3 0.31% 2025-01-09 2026-06-17
CVE-2024-13292 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2. 4.8 0.19% 2025-01-09 2026-06-17
CVE-2024-13293 Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2. 3.1 0.13% 2025-01-09 2026-06-17
CVE-2024-13294 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2. 5.4 0.22% 2025-01-09 2026-06-17
«« First « Prev Page 6 / 19 Next »
cvelogic Threat Intelligence