Package impact

php Packagist / drupal/drupal

CVE Severity CVSS Risk Published Description Impact
CVE-2018-7602 critical 10.0 8y ago A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. arch, php
CVE-2018-7600 critical 10.0 8y ago Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. arch, php
CVE-2020-13672 critical 9.5 5y ago Drupal core Cross-site Scripting (XSS) vulnerability arch, php
CVE-2016-6211 high 8.8 8.8 10y ago Drupal Saving user accounts can sometimes grant the user all roles debian, php
CVE-2017-6381 high 8.1 8.1 9y ago Drupal Remote code execution php
CVE-2016-3171 high 8.1 8.1 10y ago Drupal arbitrary code execution debian, php
CVE-2016-3169 high 8.1 8.1 10y ago Drupal saving user accounts can sometimes grant the user all roles debian, php
CVE-2016-3162 high 8.1 8.1 10y ago Drupal File upload access bypass and denial of service debian, php
CVE-2021-33829 high 8.0 5y ago ckeditor4 vulnerable to cross-site scripting arch, debian, ruby, php, +1
CVE-2017-6919 high 7.5 7.5 9y ago Drupal access control bypass vulnerability php
CVE-2017-6379 high 7.5 7.5 9y ago Drupal Cross-Site Request Forgery (CSRF) php
CVE-2017-6377 high 7.5 7.5 9y ago Drupal editor module incorrectly checks access to inline private files php
CVE-2016-9450 high 7.5 7.5 10y ago Drupal Incorrect cache context on password reset page arch, php
CVE-2016-3165 high 7.5 7.5 10y ago Drupal Form API ignores access restrictions on submit buttons php
CVE-2016-3163 high 7.5 7.5 10y ago Drupal Brute force amplification attacks via XML-RPC debian, php
CVE-2016-3167 high 7.4 7.4 10y ago Drupal Open redirect vulnerability in the drupal_goto function debian, php
CVE-2016-3164 high 7.4 7.4 10y ago Drupal Open Redirect debian, php
CVE-2016-9452 medium 6.5 6.5 10y ago Drupal Denial of service via transliterate mechanism arch, php
CVE-2016-3168 medium 6.4 6.4 10y ago Drupal Reflected file download vulnerability debian, php
CVE-2016-7571 medium 6.1 6.1 10y ago Drupal Cross-site scripting (XSS) vulnerability php
CVE-2016-3166 medium 5.9 5.9 10y ago Drupal CRLF injection vulnerability in the drupal_set_header function debian, php
CVE-2013-6389 medium 5.8 13y ago Drupal has open redirect vulnerability in the Overlay module php
CVE-2012-1589 medium 5.8 14y ago Drupal Open Redirect php
CVE-2016-6212 medium 5.3 5.3 10y ago Drupal Views can allow unauthorized users to see Statistics information php
CVE-2016-3170 medium 5.3 5.3 10y ago Drupal sensitive information disclosure debian, php
CVE-2016-9449 medium 4.3 4.3 10y ago Drupal sensitive information disclosure arch, php
CVE-2016-7572 medium 4.3 4.3 10y ago Drupal Unprivileged access to config export php
CVE-2016-7570 medium 4.3 4.3 10y ago Drupal Users without "Administer comments" can set comment visibility on nodes they can edit php
CVE-2012-2153 medium 4.0 14y ago Drupal improper access restrictions php
CVE-2010-3094 low 2.1 16y ago Drupal cross-site scripting vulnerability via actions feature and trigger module php
CVE-2020-13671 unknown 1.5 6y ago Improper sanitization in the extension file names is present in Drupal core. php
CVE-2019-6340 unknown 1.5 7y ago In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. php
CVE-2024-55638 unknown 2y ago Drupal core contains a potential PHP Object Injection vulnerability php
CVE-2024-55637 unknown 2y ago Drupal core contains a potential PHP Object Injection vulnerability php
CVE-2024-55636 unknown 2y ago Drupal core contains a potential PHP Object Injection vulnerability php
CVE-2024-55634 unknown 2y ago Drupal core Access bypass php
CVE-2024-12393 unknown 2y ago Drupal Core Cross-Site Scripting (XSS) php
CVE-2024-45440 unknown 2y ago Drupal Full Path Disclosure php
CVE-2020-13662 unknown 4y ago Drupal Core Open Redirect vulnerability php
CVE-2020-13665 unknown 4y ago Drupal Core Access bypass vulnerability php
CVE-2008-4793 unknown 4y ago Drupal Node Validation Bypass in the node module API php
CVE-2017-6929 unknown 4y ago Drupal cross site scripting vulnerability php
CVE-2017-6932 unknown 4y ago Drupal external link injection vulnerability php
CVE-2017-6927 unknown 4y ago Drupal cross-site scripting vulnerability php
CVE-2017-6926 unknown 4y ago Drupal Comment reply form allows access to restricted content php
CVE-2017-6920 unknown 4y ago Drupal PECL YAML parser unsafe object handling php
CVE-2018-9861 unknown 4y ago Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS) php, npm
CVE-2017-6931 unknown 4y ago Drupal Settings Tray access bypass php
CVE-2017-6928 unknown 4y ago Drupal access bypass vulnerability php
CVE-2017-6925 unknown 4y ago Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions php
CVE-2017-6930 unknown 4y ago Drupal access bypass vulnerability php
CVE-2017-6922 unknown 4y ago Drupal core access bypass vulnerability php
CVE-2017-6921 unknown 4y ago Drupal file REST resource does not properly validate php
CVE-2017-6924 unknown 4y ago Drupal REST API can bypass comment approval php
CVE-2008-3218 unknown 4y ago Drupal vulnerable to Cross-site Scripting php
CVE-2020-13668 unknown 4y ago Cross-site Scripting in Drupal Core php
CVE-2020-13670 unknown 6y ago Exposure of Resource to Wrong Sphere in Drupal Core php
CVE-2020-13667 unknown 6y ago Drupal Core Access bypass vulnerability php
CVE-2020-13669 unknown 6y ago Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor php
CVE-2020-13666 unknown 6y ago Drupal Core Cross-site scripting vulnerability php
CVE-2020-13664 unknown 6y ago Drupal Core Arbitrary PHP code execution vulnerability php
CVE-2020-13663 unknown 6y ago Drupal Core Cross-Site Request Forgery (CSRF) vulnerability php
CVE-2019-10909 unknown 7y ago In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. Th… debian, php
CVE-2017-6923 unknown 7y ago Missing Authorization in Drupal php
CVE-2019-11831 unknown 7y ago Directory Traversal in typo3/phar-stream-wrapper php
CVE-2019-6341 unknown 7y ago Drupal Cross Site Scripting (XSS) vulnerability php
CVE-2019-6339 unknown 8y ago Arbitrary PHP code execution in Drupal php
CVE-2019-6338 unknown 8y ago Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data php