VIR Vulnerability Intelligence Relay

Package impact

php Packagist / drupal/core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2020-28949 medium 7.0 6y ago Moderate: php:7.4 security update rockylinuxdebianphp
CVE-2016-9451 medium 6.8 6.8 10y ago Drupal Open Redirect archphp
CVE-2026-6366 medium 6.6 6.6 8d ago Drupal core contains a chain of methods that could be exploitable when an insecure deserialization vulnerability exists on the site. This so-called "gadget chain" presents no direct threat, but is a … php
CVE-2016-9452 medium 6.5 6.5 10y ago Drupal Denial of service via transliterate mechanism archphp
CVE-2016-3168 medium 6.4 6.4 10y ago Drupal Reflected file download vulnerability debianphp
CVE-2026-6367 medium 6.1 6.1 8d ago Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross s… php
CVE-2026-6365 medium 6.1 6.1 8d ago Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which which can lead to a cross-site scripting (XSS) vulnerability. php
CVE-2016-7571 medium 6.1 6.1 10y ago Drupal Cross-site scripting (XSS) vulnerability php
CVE-2016-3166 medium 5.9 5.9 10y ago Drupal CRLF injection vulnerability in the drupal_set_header function debianphp
CVE-2021-32610 medium 5.5 5y ago Moderate: php:7.4 security, bug fix, and enhancement update archrockylinuxdebianphp
CVE-2020-28948 medium 5.5 6y ago Moderate: php:7.4 security update rockylinuxdebianphp
CVE-2019-11358 medium 5.5 7y ago Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update archrockylinuxdebianruby+5
CVE-2016-6212 medium 5.3 5.3 10y ago Drupal Views can allow unauthorized users to see Statistics information php
CVE-2016-3170 medium 5.3 5.3 10y ago Drupal sensitive information disclosure debianphp
CVE-2016-9449 medium 4.3 4.3 10y ago Drupal sensitive information disclosure archphp
CVE-2016-7572 medium 4.3 4.3 10y ago Drupal Unprivileged access to config export php
CVE-2016-7570 medium 4.3 4.3 10y ago Drupal Users without "Administer comments" can set comment visibility on nodes they can edit php
CVE-2022-39261 unknown 4y ago Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a us… debianphp