| CVE-2018-7602 | critical | — | 10.0 | | | | 8y ago | A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. |
| CVE-2018-7600 | critical | — | 10.0 | | | | 8y ago | Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. |
| CVE-2020-13672 | critical | — | 9.5 | | | | 5y ago | Drupal core Cross-site Scripting (XSS) vulnerability |
| CVE-2016-6211 | high | 8.8 | 8.8 | | | | 10y ago | Drupal Saving user accounts can sometimes grant the user all roles |
| CVE-2017-6381 | high | 8.1 | 8.1 | | | | 9y ago | Drupal Remote code execution |
| CVE-2016-3171 | high | 8.1 | 8.1 | | | | 10y ago | Drupal arbitrary code execution |
| CVE-2016-3169 | high | 8.1 | 8.1 | | | | 10y ago | Drupal saving user accounts can sometimes grant the user all roles |
| CVE-2016-3162 | high | 8.1 | 8.1 | | | | 10y ago | Drupal File upload access bypass and denial of service |
| CVE-2021-33829 | high | — | 8.0 | | | | 5y ago | ckeditor4 vulnerable to cross-site scripting |
| CVE-2017-6919 | high | 7.5 | 7.5 | | | | 9y ago | Drupal access control bypass vulnerability |
| CVE-2017-6379 | high | 7.5 | 7.5 | | | | 9y ago | Drupal Cross-Site Request Forgery (CSRF) |
| CVE-2017-6377 | high | 7.5 | 7.5 | | | | 9y ago | Drupal editor module incorrectly checks access to inline private files |
| CVE-2016-9450 | high | 7.5 | 7.5 | | | | 10y ago | Drupal Incorrect cache context on password reset page |
| CVE-2016-3165 | high | 7.5 | 7.5 | | | | 10y ago | Drupal Form API ignores access restrictions on submit buttons |
| CVE-2016-3163 | high | 7.5 | 7.5 | | | | 10y ago | Drupal Brute force amplification attacks via XML-RPC |
| CVE-2016-3167 | high | 7.4 | 7.4 | | | | 10y ago | Drupal Open redirect vulnerability in the drupal_goto function |
| CVE-2016-3164 | high | 7.4 | 7.4 | | | | 10y ago | Drupal Open Redirect |
| CVE-2016-9452 | medium | 6.5 | 6.5 | | | | 10y ago | Drupal Denial of service via transliterate mechanism |
| CVE-2016-3168 | medium | 6.4 | 6.4 | | | | 10y ago | Drupal Reflected file download vulnerability |
| CVE-2016-7571 | medium | 6.1 | 6.1 | | | | 10y ago | Drupal Cross-site scripting (XSS) vulnerability |
| CVE-2016-3166 | medium | 5.9 | 5.9 | | | | 10y ago | Drupal CRLF injection vulnerability in the drupal_set_header function |
| CVE-2013-6389 | medium | — | 5.8 | | | | 13y ago | Drupal has open redirect vulnerability in the Overlay module |
| CVE-2012-1589 | medium | — | 5.8 | | | | 14y ago | Drupal Open Redirect |
| CVE-2016-6212 | medium | 5.3 | 5.3 | | | | 10y ago | Drupal Views can allow unauthorized users to see Statistics information |
| CVE-2016-3170 | medium | 5.3 | 5.3 | | | | 10y ago | Drupal sensitive information disclosure |
| CVE-2016-9449 | medium | 4.3 | 4.3 | | | | 10y ago | Drupal sensitive information disclosure |
| CVE-2016-7572 | medium | 4.3 | 4.3 | | | | 10y ago | Drupal Unprivileged access to config export |
| CVE-2016-7570 | medium | 4.3 | 4.3 | | | | 10y ago | Drupal Users without "Administer comments" can set comment visibility on nodes they can edit |
| CVE-2012-2153 | medium | — | 4.0 | | | | 14y ago | Drupal improper access restrictions |
| CVE-2019-6340 | unknown | — | 2.5 | | | | 7y ago | In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. |
| CVE-2010-3094 | low | — | 2.1 | | | | 16y ago | Drupal cross-site scripting vulnerability via actions feature and trigger module |
| CVE-2020-13671 | unknown | — | 1.5 | | | | 6y ago | Improper sanitization in the extension file names is present in Drupal core. |
| CVE-2024-45440 | unknown | — | 1.0 | | | | 2y ago | Drupal Full Path Disclosure |
| CVE-2024-55638 | unknown | — | — | | | | 2y ago | Drupal core contains a potential PHP Object Injection vulnerability |
| CVE-2024-55637 | unknown | — | — | | | | 2y ago | Drupal core contains a potential PHP Object Injection vulnerability |
| CVE-2024-55636 | unknown | — | — | | | | 2y ago | Drupal core contains a potential PHP Object Injection vulnerability |
| CVE-2024-55634 | unknown | — | — | | | | 2y ago | Drupal core Access bypass |
| CVE-2024-12393 | unknown | — | — | | | | 2y ago | Drupal Core Cross-Site Scripting (XSS) |
| CVE-2020-13662 | unknown | — | — | | | | 4y ago | Drupal Core Open Redirect vulnerability |
| CVE-2020-13665 | unknown | — | — | | | | 4y ago | Drupal Core Access bypass vulnerability |
| CVE-2008-4793 | unknown | — | — | | | | 4y ago | Drupal Node Validation Bypass in the node module API |
| CVE-2017-6929 | unknown | — | — | | | | 4y ago | Drupal cross site scripting vulnerability |
| CVE-2017-6932 | unknown | — | — | | | | 4y ago | Drupal external link injection vulnerability |
| CVE-2017-6927 | unknown | — | — | | | | 4y ago | Drupal cross-site scripting vulnerability |
| CVE-2017-6926 | unknown | — | — | | | | 4y ago | Drupal Comment reply form allows access to restricted content |
| CVE-2017-6920 | unknown | — | — | | | | 4y ago | Drupal PECL YAML parser unsafe object handling |
| CVE-2018-9861 | unknown | — | — | | | | 4y ago | Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS) |
| CVE-2017-6931 | unknown | — | — | | | | 4y ago | Drupal Settings Tray access bypass |
| CVE-2017-6928 | unknown | — | — | | | | 4y ago | Drupal access bypass vulnerability |
| CVE-2017-6930 | unknown | — | — | | | | 4y ago | Drupal access bypass vulnerability |
| CVE-2017-6925 | unknown | — | — | | | | 4y ago | Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions |
| CVE-2017-6922 | unknown | — | — | | | | 4y ago | Drupal core access bypass vulnerability |
| CVE-2017-6924 | unknown | — | — | | | | 4y ago | Drupal REST API can bypass comment approval |
| CVE-2017-6921 | unknown | — | — | | | | 4y ago | Drupal file REST resource does not properly validate |
| CVE-2008-3218 | unknown | — | — | | | | 4y ago | Drupal vulnerable to Cross-site Scripting |
| CVE-2020-13668 | unknown | — | — | | | | 4y ago | Cross-site Scripting in Drupal Core |
| CVE-2020-13670 | unknown | — | — | | | | 6y ago | Exposure of Resource to Wrong Sphere in Drupal Core |
| CVE-2020-13667 | unknown | — | — | | | | 6y ago | Drupal Core Access bypass vulnerability |
| CVE-2020-13669 | unknown | — | — | | | | 6y ago | Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor |
| CVE-2020-13666 | unknown | — | — | | | | 6y ago | Drupal Core Cross-site scripting vulnerability |
| CVE-2020-13664 | unknown | — | — | | | | 6y ago | Drupal Core Arbitrary PHP code execution vulnerability |
| CVE-2020-13663 | unknown | — | — | | | | 6y ago | Drupal Core Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2019-10909 | unknown | — | — | | | | 7y ago | In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th… |
| CVE-2017-6923 | unknown | — | — | | | | 7y ago | Missing Authorization in Drupal |
| CVE-2019-11831 | unknown | — | — | | | | 7y ago | Directory Traversal in typo3/phar-stream-wrapper |
| CVE-2019-6341 | unknown | — | — | | | | 7y ago | Drupal Cross Site Scripting (XSS) vulnerability |
| CVE-2019-6339 | unknown | — | — | | | | 8y ago | Arbitrary PHP code execution in Drupal |
| CVE-2019-6338 | unknown | — | — | | | | 8y ago | Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data |