drupal
509 tracked vulnerabilities.
CVE-2020-13677
HIGH
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API Module
Feb 11, 2022
CVSS 7.5
EPSS 0.00
CVE-2020-13676
MEDIUM
Drupal 8.9.0-8.9.18 and Drupal Core 8.0.0-8.9.18 - Improper Access Control in QuickEdit Module
Feb 11, 2022
CVSS 6.5
EPSS 0.00
CVE-2020-13675
CRITICAL
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API and REST/File Modules
Feb 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-13674
MEDIUM
Drupal 8.9.0-8.9.18 - Cross-Site Request Forgery in QuickEdit Module
Feb 11, 2022
CVSS 6.5
EPSS 0.00
CVE-2020-13673
MEDIUM
Drupal Entity Embed - Cross-Site Request Forgery
Feb 11, 2022
CVSS 6.1
EPSS 0.00
CVE-2020-13672
MEDIUM
Drupal < 7.80, 8.9.x < 8.9.14, 9.0.x < 9.0.12, 9.1.x < 9.1.7 - Cross-Site Scripting in Sanitization API
Feb 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-13670
HIGH
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Unauthenticated Information Disclosure in File Module
Feb 11, 2022
CVSS 7.5
EPSS 0.00
CVE-2020-13669
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting in CKEditor
Feb 11, 2022
CVSS 6.1
EPSS 0.00
CVE-2020-13668
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting via Form HTML Rendering
Feb 11, 2022
CVSS 6.1
EPSS 0.00
CVE-2020-13663
HIGH
Drupal 7.0-7.71 and 8.9.0 - Cross-Site Request Forgery in Form API
Jun 11, 2021
CVSS 8.8
EPSS 0.00
CVE-2020-13688
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting in Form HTML Rendering
Jun 11, 2021
CVSS 6.1
EPSS 0.00
CVE-2020-13667
MEDIUM
Drupal Core 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Access Bypass in Workspaces Module
May 17, 2021
CVSS 5.3
EPSS 0.00
CVE-2020-13665
CRITICAL
Drupal Core <8.8.8, <8.9.1, <9.0.1 - Auth Bypass
May 05, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-13664
HIGH
Drupal Core 8.8.0-8.8.7, 8.9.0, 9.0.0 - Remote Code Execution via Malicious Directory Creation
May 05, 2021
CVSS 8.8
EPSS 0.02
CVE-2020-13662
MEDIUM
Drupal Core < 7.70 - Open Redirect via Crafted URL
May 05, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-13666
MEDIUM
Drupal Core < 7.73, 8.8.0-8.8.9, 8.9.0-8.9.5, 9.0.0-9.0.5 - Cross-Site Scripting via AJAX API JSONP
May 05, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-36193
HIGH
KEV
Archive_Tar < 1.4.11 - Path Traversal via Symbolic Link Handling
Jan 18, 2021
CVSS 7.5
EPSS 0.71
CVE-2020-35191
CRITICAL
Drupal Docker <8.5.10-fpm-alpine - Privilege Escalation
Dec 17, 2020
CVSS 9.8
EPSS 0.20
CVE-2020-13671
HIGH
KEV
Drupal Core < 7.74, 8.8.11, 8.9.9, 9.0.8 - Unrestricted Upload of File with Dangerous Type
Nov 20, 2020
CVSS 8.8
EPSS 0.05
CVE-2020-28949
HIGH
KEV
Archive_Tar <1.4.10 - Code Injection
Nov 19, 2020
CVSS 7.8
EPSS 0.93
CVE-2020-28948
HIGH
Archive_Tar < 1.4.11 - Deserialization of Untrusted Data via PHAR Case Bypass
Nov 19, 2020
CVSS 7.8
EPSS 0.77
CVE-2020-11022
MEDIUM
jQuery 1.12.0-3.4.1 - Cross-Site Scripting via DOM Manipulation Methods
Apr 29, 2020
CVSS 6.9
EPSS 0.02
CVE-2020-11023
MEDIUM
KEV
jQuery <3.5.0 - XSS
Apr 29, 2020
CVSS 6.9
EPSS 0.35
CVE-2020-9281
MEDIUM
CKEditor 4.0-4.13 - Cross-Site Scripting via Protected Comment Injection
Mar 07, 2020
CVSS 6.1
EPSS 0.01
CVE-2019-6342
CRITICAL
Drupal 8.7.4 - Access Bypass via Workspaces Module
May 28, 2020
CVSS 9.8
EPSS 0.00
Products
drupal 273
core 91
core-recommended 6
project_issue_tracking_module 6
Drupal core 5
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
File Access Fix (deprecated) 2
activity 2
ajax_checklist 2
artificial_intelligence 2
bibliography_module 2
brilliant_gallery 2
chatroom_module 2
civictheme 2
cookies_consent_management 2
custom_search_module 2
data 2
database_administration_module 2
drupal_easylinks_module 2
google_tag 2