| CVE-2026-9082 |
critical |
9.8 |
10.0 |
|
|
|
14d ago |
Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API. |
| CVE-2018-7602 |
critical |
— |
10.0 |
|
|
|
8y ago |
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. |
| CVE-2018-7600 |
critical |
— |
10.0 |
|
|
|
8y ago |
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. |
| CVE-2020-28949 |
medium |
— |
8.0 |
|
|
|
6y ago |
PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and di… |
| CVE-2019-6340 |
unknown |
— |
2.5 |
|
|
|
7y ago |
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. |
| CVE-2020-13671 |
unknown |
— |
1.5 |
|
|
|
6y ago |
Improper sanitization in the extension file names is present in Drupal core. |
