VIR Vulnerability Intelligence Relay

Package impact

php Packagist / drupal/core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-9082 critical 9.8 10.0 7d ago Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API. php
CVE-2018-7602 critical 10.0 8y ago A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. archphp
CVE-2018-7600 critical 10.0 8y ago Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. archphp
CVE-2020-13672 critical 9.5 5y ago Drupal core Cross-site Scripting (XSS) vulnerability archphp
CVE-2020-28949 medium 7.0 6y ago Moderate: php:7.4 security update rockylinuxdebianphp
CVE-2016-9451 medium 6.8 6.8 10y ago Drupal Open Redirect archphp
CVE-2026-6366 medium 6.6 6.6 8d ago Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a … php
CVE-2016-9452 medium 6.5 6.5 10y ago Drupal Denial of service via transliterate mechanism archphp
CVE-2016-3168 medium 6.4 6.4 10y ago Drupal Reflected file download vulnerability debianphp
CVE-2026-6367 medium 6.1 6.1 8d ago Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross s… php
CVE-2026-6365 medium 6.1 6.1 8d ago Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which which can lead to a cross-site scripting (XSS) vulnerability. php
CVE-2016-7571 medium 6.1 6.1 10y ago Drupal Cross-site scripting (XSS) vulnerability php
CVE-2016-3166 medium 5.9 5.9 10y ago Drupal CRLF injection vulnerability in the drupal_set_header function debianphp
CVE-2021-32610 medium 5.5 5y ago Moderate: php:7.4 security, bug fix, and enhancement update archrockylinuxdebianphp
CVE-2020-28948 medium 5.5 6y ago Moderate: php:7.4 security update rockylinuxdebianphp
CVE-2019-11358 medium 5.5 7y ago Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update archrockylinuxdebianruby+5
CVE-2016-6212 medium 5.3 5.3 10y ago Drupal Views can allow unauthorized users to see Statistics information php
CVE-2016-3170 medium 5.3 5.3 10y ago Drupal sensitive information disclosure debianphp
CVE-2016-9449 medium 4.3 4.3 10y ago Drupal sensitive information disclosure archphp
CVE-2016-7572 medium 4.3 4.3 10y ago Drupal Unprivileged access to config export php
CVE-2016-7570 medium 4.3 4.3 10y ago Drupal Users without "Administer comments" can set comment visibility on nodes they can edit php