VIR Vulnerability Intelligence Relay

Package impact

php Packagist / drupal/core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-9082 critical 9.8 10.0 8d ago Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API. phpdrupal
CVE-2018-7602 critical 10.0 8y ago A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. archphp
CVE-2018-7600 critical 10.0 8y ago Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. archphp
CVE-2020-13672 critical 9.5 5y ago Drupal core Cross-site Scripting (XSS) vulnerability archphp
CVE-2020-28949 medium 7.0 6y ago Moderate: php:7.4 security update rockylinuxdebianphp
CVE-2016-9451 medium 6.8 6.8 10y ago Drupal Open Redirect archphpdrupal
CVE-2026-6366 medium 6.6 6.6 8d ago Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a … phpdrupal
CVE-2016-9452 medium 6.5 6.5 10y ago Drupal Denial of service via transliterate mechanism archphpdrupal
CVE-2016-3168 medium 6.4 6.4 10y ago Drupal Reflected file download vulnerability debianphpdrupal
CVE-2026-6367 medium 6.1 6.1 8d ago Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross s… phpdrupal
CVE-2026-6365 medium 6.1 6.1 8d ago Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which which can lead to a cross-site scripting (XSS) vulnerability. phpdrupal
CVE-2016-7571 medium 6.1 6.1 10y ago Drupal Cross-site scripting (XSS) vulnerability phpdrupal
CVE-2016-3166 medium 5.9 5.9 10y ago Drupal CRLF injection vulnerability in the drupal_set_header function debianphpdrupal
CVE-2021-32610 medium 5.5 5y ago Moderate: php:7.4 security, bug fix, and enhancement update archrockylinuxdebianphp
CVE-2020-28948 medium 5.5 6y ago Moderate: php:7.4 security update rockylinuxdebianphp
CVE-2019-11358 medium 5.5 7y ago XSS in jQuery as used in Drupal, Backdrop CMS, and other products archrockylinuxdebianruby+5
CVE-2016-6212 medium 5.3 5.3 10y ago Drupal Views can allow unauthorized users to see Statistics information phpdrupal
CVE-2016-3170 medium 5.3 5.3 10y ago Drupal sensitive information disclosure debianphpdrupal
CVE-2016-9449 medium 4.3 4.3 10y ago Drupal sensitive information disclosure archphpdrupal
CVE-2016-7572 medium 4.3 4.3 10y ago Drupal Unprivileged access to config export phpdrupal
CVE-2016-7570 medium 4.3 4.3 10y ago Drupal Users without "Administer comments" can set comment visibility on nodes they can edit phpdrupal