CVE-2018-7602 critical —
10.0
8y ago
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
arch php
CVE-2018-7600 critical —
10.0
8y ago
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
arch php
CVE-2020-13672 critical —
9.5
5y ago
Drupal core Cross-site Scripting (XSS) vulnerability
arch php
CVE-2016-6211 high 8.8
8.8
10y ago
Drupal Saving user accounts can sometimes grant the user all roles
debian php
CVE-2017-6381 high 8.1
8.1
9y ago
Drupal Remote code execution
php
CVE-2016-3171 high 8.1
8.1
10y ago
Drupal arbitrary code execution
debian php
CVE-2016-3169 high 8.1
8.1
10y ago
Drupal saving user accounts can sometimes grant the user all roles
debian php
CVE-2016-3162 high 8.1
8.1
10y ago
Drupal File upload access bypass and denial of service
debian php
CVE-2021-33829 high —
8.0
5y ago
ckeditor4 vulnerable to cross-site scripting
arch debian ruby php +1
CVE-2017-6919 high 7.5
7.5
9y ago
Drupal access control bypass vulnerability
php
CVE-2017-6379 high 7.5
7.5
9y ago
Drupal Cross-Site Request Forgery (CSRF)
php
CVE-2017-6377 high 7.5
7.5
9y ago
Drupal editor module incorrectly checks access to inline private files
php
CVE-2016-9450 high 7.5
7.5
10y ago
Drupal Incorrect cache context on password reset page
arch php
CVE-2016-3165 high 7.5
7.5
10y ago
Drupal Form API ignores access restrictions on submit buttons
php
CVE-2016-3163 high 7.5
7.5
10y ago
Drupal Brute force amplification attacks via XML-RPC
debian php
CVE-2016-3167 high 7.4
7.4
10y ago
Drupal Open redirect vulnerability in the drupal_goto function
debian php
CVE-2016-3164 high 7.4
7.4
10y ago
Drupal Open Redirect
debian php
CVE-2010-3094 low —
2.1
16y ago
Drupal cross-site scripting vulnerability via actions feature and trigger module
php