| CVE-2016-6211 |
high |
8.8 |
8.8 |
10y ago |
Drupal Saving user accounts can sometimes grant the user all roles |
|
| CVE-2017-6381 |
high |
8.1 |
8.1 |
9y ago |
Drupal Remote code execution |
|
| CVE-2016-3171 |
high |
8.1 |
8.1 |
10y ago |
Drupal arbitrary code execution |
|
| CVE-2016-3169 |
high |
8.1 |
8.1 |
10y ago |
Drupal saving user accounts can sometimes grant the user all roles |
|
| CVE-2016-3162 |
high |
8.1 |
8.1 |
10y ago |
Drupal File upload access bypass and denial of service |
|
| CVE-2021-33829 |
high |
— |
8.0 |
5y ago |
ckeditor4 vulnerable to cross-site scripting |
+1 |
| CVE-2017-6919 |
high |
7.5 |
7.5 |
9y ago |
Drupal access control bypass vulnerability |
|
| CVE-2017-6379 |
high |
7.5 |
7.5 |
9y ago |
Drupal Cross-Site Request Forgery (CSRF) |
|
| CVE-2017-6377 |
high |
7.5 |
7.5 |
9y ago |
Drupal editor module incorrectly checks access to inline private files |
|
| CVE-2016-9450 |
high |
7.5 |
7.5 |
10y ago |
Drupal Incorrect cache context on password reset page |
|
| CVE-2016-3165 |
high |
7.5 |
7.5 |
10y ago |
Drupal Form API ignores access restrictions on submit buttons |
|
| CVE-2016-3163 |
high |
7.5 |
7.5 |
10y ago |
Drupal Brute force amplification attacks via XML-RPC |
|
| CVE-2016-3167 |
high |
7.4 |
7.4 |
10y ago |
Drupal Open redirect vulnerability in the drupal_goto function |
|
| CVE-2016-3164 |
high |
7.4 |
7.4 |
10y ago |
Drupal Open Redirect |
|
| CVE-2016-9452 |
medium |
6.5 |
6.5 |
10y ago |
Drupal Denial of service via transliterate mechanism |
|
| CVE-2016-3168 |
medium |
6.4 |
6.4 |
10y ago |
Drupal Reflected file download vulnerability |
|
| CVE-2016-7571 |
medium |
6.1 |
6.1 |
10y ago |
Drupal Cross-site scripting (XSS) vulnerability |
|
| CVE-2016-3166 |
medium |
5.9 |
5.9 |
10y ago |
Drupal CRLF injection vulnerability in the drupal_set_header function |
|
| CVE-2013-6389 |
medium |
— |
5.8 |
13y ago |
Drupal has open redirect vulnerability in the Overlay module |
|
| CVE-2012-1589 |
medium |
— |
5.8 |
14y ago |
Drupal Open Redirect |
|
| CVE-2016-6212 |
medium |
5.3 |
5.3 |
10y ago |
Drupal Views can allow unauthorized users to see Statistics information |
|
| CVE-2016-3170 |
medium |
5.3 |
5.3 |
10y ago |
Drupal sensitive information disclosure |
|
| CVE-2016-9449 |
medium |
4.3 |
4.3 |
10y ago |
Drupal sensitive information disclosure |
|
| CVE-2016-7572 |
medium |
4.3 |
4.3 |
10y ago |
Drupal Unprivileged access to config export |
|
| CVE-2016-7570 |
medium |
4.3 |
4.3 |
10y ago |
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit |
|
| CVE-2012-2153 |
medium |
— |
4.0 |
14y ago |
Drupal improper access restrictions |
|