VIR Vulnerability Intelligence Relay

Package impact

php Packagist / drupal/core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2016-6211 high 8.8 8.8 10y ago Drupal Saving user accounts can sometimes grant the user all roles debianphp
CVE-2017-6381 high 8.1 8.1 9y ago Drupal Remote code execution php
CVE-2016-5385 high 8.1 8.1 10y ago HTTP Proxy header vulnerability susefedoradebianredhat+1
CVE-2016-3171 high 8.1 8.1 10y ago Drupal arbitrary code execution debianphp
CVE-2016-3169 high 8.1 8.1 10y ago Drupal saving user accounts can sometimes grant the user all roles debianphp
CVE-2016-3162 high 8.1 8.1 10y ago Drupal File upload access bypass and denial of service debianphp
CVE-2020-13675 high 8.0 5y ago Unrestricted Upload of File with Dangerous Type in Drupal core archphp
CVE-2020-13673 high 8.0 5y ago The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it i… archphp
CVE-2020-13677 high 8.0 5y ago Drupal core access bypass vulnerability archphp
CVE-2020-13676 high 8.0 5y ago Incorrect Authorization in Drupal core archphp
CVE-2020-13674 high 8.0 5y ago Cross-Site Request Forgery in Drupal core archphp
CVE-2021-33829 high 8.0 5y ago ckeditor4 vulnerable to cross-site scripting archdebianrubyphp+1
CVE-2017-6919 high 7.5 7.5 9y ago Drupal access control bypass vulnerability php
CVE-2017-6379 high 7.5 7.5 9y ago Drupal Cross-Site Request Forgery (CSRF) php
CVE-2017-6377 high 7.5 7.5 9y ago Drupal editor module incorrectly checks access to inline private files php
CVE-2016-9450 high 7.5 7.5 10y ago Drupal Incorrect cache context on password reset page archphp
CVE-2016-3165 high 7.5 7.5 10y ago Drupal Form API ignores access restrictions on submit buttons php
CVE-2016-3163 high 7.5 7.5 10y ago Drupal Brute force amplification attacks via XML-RPC debianphp
CVE-2011-2687 high 7.5 15y ago Drupal Access Control Bypass php
CVE-2016-3167 high 7.4 7.4 10y ago Drupal Open redirect vulnerability in the drupal_goto function debianphp
CVE-2016-3164 high 7.4 7.4 10y ago Drupal Open Redirect debianphp
CVE-2022-39261 unknown 4y ago Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a us… debianphp