Entity Api Project Entity Api — known CVE vulnerabilities
Every CVE whose affected-product data names Entity Api Project Entity Api, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2014-1398 — CVSS 6.5 (medium): The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass…
CVE-2014-1399 — CVSS 6.5 (medium): The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass…
CVE-2014-1400 — CVSS 6.5 (medium): The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended…
CVE-2013-7391 — CVSS 5.0 (medium): The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to…
CVE-2013-4273 — CVSS 4.0 (medium): The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote…
CVE-2015-2197 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject…