| CVE-2016-6211 |
high |
8.8 |
8.8 |
10y ago |
Drupal Saving user accounts can sometimes grant the user all roles |
|
| CVE-2017-6381 |
high |
8.1 |
8.1 |
9y ago |
Drupal Remote code execution |
|
| CVE-2016-3171 |
high |
8.1 |
8.1 |
10y ago |
Drupal arbitrary code execution |
|
| CVE-2016-3169 |
high |
8.1 |
8.1 |
10y ago |
Drupal saving user accounts can sometimes grant the user all roles |
|
| CVE-2016-3162 |
high |
8.1 |
8.1 |
10y ago |
Drupal File upload access bypass and denial of service |
|
| CVE-2021-33829 |
high |
— |
8.0 |
5y ago |
ckeditor4 vulnerable to cross-site scripting |
+1 |
| CVE-2017-6919 |
high |
7.5 |
7.5 |
9y ago |
Drupal access control bypass vulnerability |
|
| CVE-2017-6379 |
high |
7.5 |
7.5 |
9y ago |
Drupal Cross-Site Request Forgery (CSRF) |
|
| CVE-2017-6377 |
high |
7.5 |
7.5 |
9y ago |
Drupal editor module incorrectly checks access to inline private files |
|
| CVE-2016-9450 |
high |
7.5 |
7.5 |
10y ago |
Drupal Incorrect cache context on password reset page |
|
| CVE-2016-3165 |
high |
7.5 |
7.5 |
10y ago |
Drupal Form API ignores access restrictions on submit buttons |
|
| CVE-2016-3163 |
high |
7.5 |
7.5 |
10y ago |
Drupal Brute force amplification attacks via XML-RPC |
|
| CVE-2016-3167 |
high |
7.4 |
7.4 |
10y ago |
Drupal Open redirect vulnerability in the drupal_goto function |
|
| CVE-2016-3164 |
high |
7.4 |
7.4 |
10y ago |
Drupal Open Redirect |
|
| CVE-2010-3094 |
low |
— |
2.1 |
16y ago |
Drupal cross-site scripting vulnerability via actions feature and trigger module |
|