| 2022-12-05 | Drupal H5P Module 2.0.0 Zip Slip Traversal | Published |
| 2022-03-29 | Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting | Published |
| 2020-03-12 | New IMCE Dir Exploit for Hacking Drupal Websites | Published |
| 2019-03-07 | Drupal RESTful Web Services unserialize Remote Code Execution | Published |
| 2019-02-25 | Drupal REST Module Remote Code Execution | Published |
| 2019-02-22 | Drupal Pubdlcnt 7.x-1.2 Open Redirection | Published |
| 2019-02-21 | Drupal Pubdlcnt Modules 7.x-1.2 Public Download Count Open Redirection | Published |
| 2019-01-01 | Drupal 7 CivicRM Modules 5.8.2 Database Disclosure | Published |
| 2018-06-22 | Drupal 7 ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability | Published |
| 2018-06-02 | Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability | Published |
| 2018-05-22 | Drupal Exploiter on subdomains brute-forcing RCE | Published |
| 2018-04-23 | Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download | Published |
| 2018-04-14 | Drupal 0day Remote PHP Code Execution Perl | Published |
| 2018-04-13 | Drupal 0day Remote PHP Code Execution Python | Published |
| 2018-04-13 | Drupal 0day Remote PHP Code Execution curl | Published |
| 2018-04-13 | Drupal Drupalgeddon2 Remote Code Execution Ruby | Published |
| 2018-03-30 | Drupal 7.0 < 7.31 Drupalgeddon SQL Injection Admin Session | Published |
| 2017-06-08 | Drupal Public Download Count Module - Open Redirect | Published |
| 2017-05-16 | Drupal comment-form Upload Dangerous File | Published |
| 2017-03-10 | Drupal 7.x Module Services Remote Code Execution | Published |
| 2016-07-25 | Drupal CODER Module 2.5 - Remote Command Execution | Published |
| 2016-07-21 | Drupal RESTWS Module 7.x - Remote PHP Code Execution | Published |
| 2016-07-19 | Drupal 8.1.6 HTTP traffic to an arbitrary proxy server | Published |
| 2016-07-17 | Drupal Webform Multiple File Upload - Remote code execution | Published |
| 2016-07-05 | Drupal 6.22 - menupereid SQL injection Vulnerability | Published |
| 2016-02-21 | Drupal 8.0.x-dev Cross Site Scripting | Published |
| 2016-01-07 | Drupal Insecure Update Process MiTM | Published |
| 2015-10-11 | Drupal 8.0.0 Beta 14 Cross Site Scripting | Published |
| 2014-11-04 | Drupal < 7.32 Pre Auth SQL Injection Vulnerability | Published |
| 2014-10-18 | Drupal HTTP Parameter Key/Value SQL Injection | Published |
| 2014-10-16 | Drupal 7.x SQL Injection Exploit | Published |
| 2014-10-16 | Drupal 7.31 CORE pre Auth SQL Injection Vulnerability *youtube | Published |
| 2014-08-11 | WordPress 3.9 and Drupal 7.x Denial Of Service Vulnerability *video | Published |
| 2014-05-11 | Drupal Flag 7.x-3.5 Command Execution | Published |
| 2014-04-03 | Drupal 7.26 Custom Search 7.x-1.13 Cross Site Scripting | Published |
| 2014-03-13 | Drupal Webform Template 7.x Access Bypass | Published |
| 2014-03-13 | Drupal SexyBookmarks 6.x Information Disclosure | Published |
| 2014-03-06 | Drupal NewsFlash 6.x / 7.x Cross Site Scripting | Published |