drupal
509 tracked vulnerabilities.
CVE-2019-19826
CRITICAL
Drupal Views Dynamic Fields <= 7.x-1.0-alpha4 - PHP Object Injection via Insecure Unserialize
Dec 16, 2019
CVSS 9.8
EPSS 0.02
CVE-2019-18856
HIGH
Drupal SVG Sanitizer <= 8.x-1.0-alpha1 - Denial of Service via SVG Use Element
Nov 11, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-11876
MEDIUM
PrestaShop 1.7.5.2 - Reflected Cross-Site Scripting via Shop Country Parameter
May 24, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-10911
HIGH
Sensiolabs Symfony < 2.7.51 - Authentication Bypass
May 16, 2019
CVSS 7.5
EPSS 0.00
CVE-2019-10910
CRITICAL
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - SQLi & RCE via Service ID
May 16, 2019
CVSS 9.8
EPSS 0.12
CVE-2019-10909
MEDIUM
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - XSS in Validation Messages
May 16, 2019
CVSS 5.4
EPSS 0.00
CVE-2019-11831
CRITICAL
PharStreamWrapper <2.1.1-3.1.1 - Path Traversal
May 09, 2019
CVSS 9.8
EPSS 0.10
CVE-2019-11358
MEDIUM
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
Apr 20, 2019
CVSS 6.1
EPSS 0.02
CVE-2019-6341
MEDIUM
Drupal 7 < 7.65 - Cross-Site Scripting via File Upload
Mar 26, 2019
CVSS 5.4
EPSS 0.46
CVE-2019-6340
HIGH
KEV
NUCLEI
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Feb 21, 2019
CVSS 8.1
EPSS 0.94
CVE-2019-6339
CRITICAL
Drupal Core < 7.62 - Remote Code Execution via phar:// Stream Wrapper
Jan 22, 2019
CVSS 9.8
EPSS 0.76
CVE-2019-6338
HIGH
Drupal 7.x < 7.62 - Deserialization of Untrusted Data via PEAR Archive_Tar Library
Jan 22, 2019
CVSS 8.0
EPSS 0.01
CVE-2018-25085
LOW
Drupal Responsive Menus < 7.x-1.7 - Cross-Site Scripting in Configuration Setting Handler
May 01, 2023
CVSS 2.4
EPSS 0.01
CVE-2018-14773
MEDIUM
Symfony Http Foundation Web Cache Poisoning via X-Original-URL or X-Rewrite-URL Header
Aug 03, 2018
CVSS 6.5
EPSS 0.17
CVE-2018-7602
CRITICAL
KEV
NUCLEI
Drupal 7.x < 7.59 - Remote Code Execution
Jul 19, 2018
CVSS 9.8
EPSS 0.94
CVE-2018-9861
MEDIUM
CKEditor Enhanced Image 4.5.10-4.9.1 - Cross-Site Scripting via Crafted IMG Element
Apr 19, 2018
CVSS 6.1
EPSS 0.00
CVE-2018-9205
HIGH
NUCLEI
Drupal Avatar Uploader 7.x-1.0-beta8 - Unauthenticated Path Traversal
Apr 04, 2018
CVSS 7.5
EPSS 0.81
CVE-2018-7600
CRITICAL
KEV
NUCLEI
Drupal Drupalgeddon 2 Forms API Property Injection
Mar 29, 2018
CVSS 9.8
EPSS 0.94
CVE-2017-6923
MEDIUM
Drupal 8.x <8.3.7 - Info Disclosure
Jan 22, 2019
CVSS 6.5
EPSS 0.01
CVE-2017-6922
MEDIUM
Drupal Core <8.3.4 & 7.x <7.56 - Auth Bypass
Jan 22, 2019
CVSS 6.5
EPSS 0.02
CVE-2017-6921
MEDIUM
Drupal 8.0.0-8.3.3 - Authenticated Arbitrary File Manipulation via REST File Resource
Jan 15, 2019
CVSS 5.9
EPSS 0.00
CVE-2017-6924
HIGH
Drupal 8.0.0-8.3.6 - Improper Privilege Management via REST API Comment Approval
Jan 15, 2019
CVSS 7.4
EPSS 0.00
CVE-2017-6925
CRITICAL
Drupal 8 core <8.3.7 - Info Disclosure
Jan 15, 2019
CVSS 9.8
EPSS 0.01
CVE-2017-6920
CRITICAL
Drupal 8.0.0-8.3.3 - Remote Code Execution via PECL YAML Parser
Aug 06, 2018
CVSS 9.8
EPSS 0.66
CVE-2017-6932
MEDIUM
Drupal 7.x < 7.57 - Open Redirect via Language Switcher Block
Mar 01, 2018
CVSS 4.7
EPSS 0.00
Products
drupal 273
core 91
core-recommended 6
project_issue_tracking_module 6
Drupal core 5
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
File Access Fix (deprecated) 2
activity 2
ajax_checklist 2
artificial_intelligence 2
bibliography_module 2
brilliant_gallery 2
chatroom_module 2
civictheme 2
cookies_consent_management 2
custom_search_module 2
data 2
database_administration_module 2
drupal_easylinks_module 2
google_tag 2