drupal
509 tracked vulnerabilities.
CVE-2023-5256
HIGH
Drupal 8.7.0-9.5.10 - Unauthenticated Sensitive Information Exposure via JSON:API Error Backtrace
Sep 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31250
MEDIUM
Drupal 7.0-7.95 and 10.0.0-10.0.7 - Incorrect Authorization in File Download Facility
Apr 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-25278
MEDIUM
Drupal 8.0.0-9.3.18 - Unauthenticated Form Access Control Bypass
Apr 26, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-25277
HIGH
Drupal 8.0.0-9.3.18 - Unrestricted Upload of File with Dangerous Type via .htaccess Extension Bypass
Apr 26, 2023
CVSS 7.2
EPSS 0.03
CVE-2022-25276
MEDIUM
Drupal 9.3.0-9.3.18 and Drupal Core 8.0.0-9.3.18 - Cross-Site Scripting via Media oEmbed Iframe Domain Validation
Apr 26, 2023
CVSS 6.1
EPSS 0.02
CVE-2022-25275
HIGH
Drupal 7.0-7.90 - Unauthenticated Unrestricted File Access via Image Style Derivative Generation
Apr 26, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-25274
MEDIUM
Drupal 9.3.0-9.3.11 - Incorrect Authorization in Entity Revision Access API
Apr 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-25273
HIGH
Drupal 8.0.0-9.2.17 - Improper Input Validation in Form API
Apr 26, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-39261
HIGH
Twig < 1.44.7, 2.x < 2.15.3, 3.x < 3.4.3 - Path Traversal via Namespace Bypass
Sep 28, 2022
CVSS 7.5
EPSS 0.10
CVE-2022-31160
MEDIUM
jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh
Jul 20, 2022
CVSS 6.1
EPSS 0.08
CVE-2022-31043
HIGH
Guzzle < 6.5.7 - Sensitive Information Exposure via HTTPS to HTTP Redirect
Jun 10, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-31042
HIGH
Guzzle < 6.5.7 - Sensitive Cookie Header Exposure via Redirect Handling
Jun 10, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-26493
CRITICAL
miniOrange Premium-Enterprise Drupal SAML SP - Auth Bypass
Jun 03, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-29248
HIGH
Guzzle < 6.5.6 - Cookie Domain Validation Bypass
May 25, 2022
CVSS 8.0
EPSS 0.01
CVE-2022-24775
HIGH
Drupal < 9.2.16 - Improper Input Validation
Mar 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-24729
MEDIUM
CKEditor 4.0-4.17.2 - Denial of Service via Dialog Input Validator Regex
Mar 16, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-24728
MEDIUM
CKEditor 4 < 4.18.0 - Stored Cross-Site Scripting via HTML Sanitization Bypass
Mar 16, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25270
MEDIUM
Drupal 9.2.0-9.2.12 and 9.3.0-9.3.5 - Incorrect Authorization in Quick Edit Module
Feb 17, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-25271
HIGH
Drupal 7.0.0-7.87 and 9.3.0-9.3.5 - Improper Input Validation in Form API
Feb 16, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-41165
HIGH
CKEditor < 4.17.0 - Stored Cross-Site Scripting via Malformed HTML Comment Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.00
CVE-2021-41164
HIGH
CKEditor 4 < 4.17.0 - Stored Cross-Site Scripting via Advanced Content Filter Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.00
CVE-2021-41184
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.25
CVE-2021-41183
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-41182
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.28
CVE-2021-33829
MEDIUM
NUCLEI
CKEditor 4.14.0-4.16.0 - Cross-Site Scripting via HTML Comment Parsing
Jun 09, 2021
CVSS 6.1
EPSS 0.66
Products
drupal 273
core 91
core-recommended 6
project_issue_tracking_module 6
Drupal core 5
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
File Access Fix (deprecated) 2
activity 2
ajax_checklist 2
artificial_intelligence 2
bibliography_module 2
brilliant_gallery 2
chatroom_module 2
civictheme 2
cookies_consent_management 2
custom_search_module 2
data 2
database_administration_module 2
drupal_easylinks_module 2
google_tag 2