| CVE-2018-7602 |
critical |
— |
10.0 |
|
|
|
8y ago |
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. |
| CVE-2018-7600 |
critical |
— |
10.0 |
|
|
|
8y ago |
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. |
| CVE-2020-13672 |
critical |
— |
9.5 |
|
|
|
5y ago |
Drupal core Cross-site Scripting (XSS) vulnerability |
| CVE-2016-9452 |
medium |
6.5 |
6.5 |
|
|
|
10y ago |
Drupal Denial of service via transliterate mechanism |
| CVE-2016-3168 |
medium |
6.4 |
6.4 |
|
|
|
10y ago |
Drupal Reflected file download vulnerability |
| CVE-2016-7571 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Drupal Cross-site scripting (XSS) vulnerability |
| CVE-2016-3166 |
medium |
5.9 |
5.9 |
|
|
|
10y ago |
Drupal CRLF injection vulnerability in the drupal_set_header function |
| CVE-2013-6389 |
medium |
— |
5.8 |
|
|
|
13y ago |
Drupal has open redirect vulnerability in the Overlay module |
| CVE-2012-1589 |
medium |
— |
5.8 |
|
|
|
14y ago |
Drupal Open Redirect |
| CVE-2016-6212 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Drupal Views can allow unauthorized users to see Statistics information |
| CVE-2016-3170 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Drupal sensitive information disclosure |
| CVE-2016-9449 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Drupal sensitive information disclosure |
| CVE-2016-7572 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Drupal Unprivileged access to config export |
| CVE-2016-7570 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit |
| CVE-2012-2153 |
medium |
— |
4.0 |
|
|
|
14y ago |
Drupal improper access restrictions |
