drupal
509 tracked vulnerabilities.
CVE-2025-31690
HIGH
Drupal Cache Utility < 1.2.1 - Cross-Site Request Forgery
Mar 31, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-31689
HIGH
Drupal General Data Protection Regulation <3.0.1-3.1.2 - CSRF
Mar 31, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-31688
MEDIUM
Drupal Configuration Split <2.0.2 - CSRF
Mar 31, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-31687
MEDIUM
Drupal SpamSpan filter < 3.2.1 - Cross-Site Scripting
Mar 31, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-31684
MEDIUM
Drupal OAuth2 Client < 4.1.3 - Cross-Site Request Forgery
Mar 31, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-31683
MEDIUM
Drupal Google Tag < 1.8.0 and 2.0.0-2.0.7 - Cross-Site Request Forgery
Mar 31, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-31682
MEDIUM
Drupal Google Tag <1.8.0, <2.0.8 - XSS
Mar 31, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-31681
CRITICAL
Drupal Authenticator Login <2.0.6 - Forceful Browsing
Mar 31, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-31680
MEDIUM
Drupal Matomo Analytics <1.24.0 - CSRF
Mar 31, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-31679
MEDIUM
Drupal Ignition Error Pages <1.0.4 - XSS
Mar 31, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-31678
HIGH
Drupal AI <1.0.3 - Forceful Browsing
Mar 31, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-31677
HIGH
Drupal AI <1.0.2 - CSRF
Mar 31, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-31675
MEDIUM
Drupal 8.0.0-10.3.13, 10.4.0-10.4.4, 11.0.0-11.1.4 & Link 7.x-1.0-7.x-1.11 - XSS
Mar 31, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-31674
HIGH
Drupal Drupal core <10.3.13-11.1.3 - Object Injection
Mar 31, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-31673
MEDIUM
Drupal <10.3.13-11.1.3 - Forceful Browsing
Mar 31, 2025
CVSS 4.6
EPSS 0.00
CVE-2024-55638
CRITICAL
Drupal 7.0-7.101, 8.8.0-10.2.10, 10.3.0-10.3.8 - Deserialization of Untrusted Data
Dec 10, 2024
CVSS 9.8
EPSS 0.10
CVE-2024-55637
CRITICAL
Drupal 8.0.0-10.2.10 10.3.0-10.3.8 11.0.0-11.0.7 - Object Injection via Insecure Deserialization
Dec 10, 2024
CVSS 9.8
EPSS 0.10
CVE-2024-55636
CRITICAL
Drupal 8.0.0-10.2.10 10.3.0-10.3.8 11.0.0-11.0.7 - Object Injection via Insecure Deserialization
Dec 10, 2024
CVSS 9.8
EPSS 0.11
CVE-2024-55635
MEDIUM
Drupal 7.0-7.101 - Cross-Site Scripting
Dec 10, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-55634
HIGH
Drupal 8.0.0-10.2.10, 10.3.0-10.3.8, 11.0.0-11.0.7 - Privilege Escalation
Dec 10, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-12393
MEDIUM
Drupal 8.8.0-10.2.10, 10.3.0-10.3.8, 11.0.0-11.0.7 - Cross-Site Scripting
Dec 10, 2024
CVSS 5.4
EPSS 0.03
CVE-2024-11942
MEDIUM
Drupal Core <10.2.10 - Code Injection
Dec 05, 2024
CVSS 5.9
EPSS 0.02
CVE-2024-11941
HIGH
Drupal Core <10.2.2-10.1.8 - Memory Corruption
Dec 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-45440
MEDIUM
NUCLEI
Drupal 10.3.0-10.3.5 - Full Path Disclosure via Missing hash_salt File
Aug 29, 2024
CVSS 5.3
EPSS 0.88
CVE-2024-22362
HIGH
Drupal - Denial of Service via Improper Handling of Structural Elements
Jan 16, 2024
CVSS 7.5
EPSS 0.00
Products
drupal 273
core 91
core-recommended 6
project_issue_tracking_module 6
Drupal core 5
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
File Access Fix (deprecated) 2
activity 2
ajax_checklist 2
artificial_intelligence 2
bibliography_module 2
brilliant_gallery 2
chatroom_module 2
civictheme 2
cookies_consent_management 2
custom_search_module 2
data 2
database_administration_module 2
drupal_easylinks_module 2
google_tag 2
Quick Filters