| CVE-2018-7602 |
critical |
— |
10.0 |
|
|
|
8y ago |
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. |
| CVE-2018-7600 |
critical |
— |
10.0 |
|
|
|
8y ago |
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. |
| CVE-2020-13672 |
critical |
— |
9.5 |
|
|
|
5y ago |
Drupal core Cross-site Scripting (XSS) vulnerability |
| CVE-2016-6211 |
high |
8.8 |
8.8 |
|
|
|
10y ago |
Drupal Saving user accounts can sometimes grant the user all roles |
| CVE-2017-6381 |
high |
8.1 |
8.1 |
|
|
|
9y ago |
Drupal Remote code execution |
| CVE-2016-3171 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Drupal arbitrary code execution |
| CVE-2016-3169 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Drupal saving user accounts can sometimes grant the user all roles |
| CVE-2016-3162 |
high |
8.1 |
8.1 |
|
|
|
10y ago |
Drupal File upload access bypass and denial of service |
| CVE-2021-33829 |
high |
— |
8.0 |
|
|
|
5y ago |
ckeditor4 vulnerable to cross-site scripting |
| CVE-2017-6919 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Drupal access control bypass vulnerability |
| CVE-2017-6379 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Drupal Cross-Site Request Forgery (CSRF) |
| CVE-2017-6377 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Drupal editor module incorrectly checks access to inline private files |
| CVE-2016-9450 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Drupal Incorrect cache context on password reset page |
| CVE-2016-3165 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Drupal Form API ignores access restrictions on submit buttons |
| CVE-2016-3163 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Drupal Brute force amplification attacks via XML-RPC |
| CVE-2016-3167 |
high |
7.4 |
7.4 |
|
|
|
10y ago |
Drupal Open redirect vulnerability in the drupal_goto function |
| CVE-2016-3164 |
high |
7.4 |
7.4 |
|
|
|
10y ago |
Drupal Open Redirect |
| CVE-2016-9452 |
medium |
6.5 |
6.5 |
|
|
|
10y ago |
Drupal Denial of service via transliterate mechanism |
| CVE-2016-3168 |
medium |
6.4 |
6.4 |
|
|
|
10y ago |
Drupal Reflected file download vulnerability |
| CVE-2016-7571 |
medium |
6.1 |
6.1 |
|
|
|
10y ago |
Drupal Cross-site scripting (XSS) vulnerability |
| CVE-2016-3166 |
medium |
5.9 |
5.9 |
|
|
|
10y ago |
Drupal CRLF injection vulnerability in the drupal_set_header function |
| CVE-2013-6389 |
medium |
— |
5.8 |
|
|
|
13y ago |
Drupal has open redirect vulnerability in the Overlay module |
| CVE-2012-1589 |
medium |
— |
5.8 |
|
|
|
14y ago |
Drupal Open Redirect |
| CVE-2016-6212 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Drupal Views can allow unauthorized users to see Statistics information |
| CVE-2016-3170 |
medium |
5.3 |
5.3 |
|
|
|
10y ago |
Drupal sensitive information disclosure |
| CVE-2016-9449 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Drupal sensitive information disclosure |
| CVE-2016-7572 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Drupal Unprivileged access to config export |
| CVE-2016-7570 |
medium |
4.3 |
4.3 |
|
|
|
10y ago |
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit |
| CVE-2012-2153 |
medium |
— |
4.0 |
|
|
|
14y ago |
Drupal improper access restrictions |
| CVE-2010-3094 |
low |
— |
2.1 |
|
|
|
16y ago |
Drupal cross-site scripting vulnerability via actions feature and trigger module |