drupal
557 tracked vulnerabilities.
CVE-2022-25278
MEDIUM
Drupal 8.0.0-9.3.18 - Unauthenticated Form Access Control Bypass
Apr 26, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-25277
HIGH
Drupal 8.0.0-9.3.18 - Unrestricted Upload of File with Dangerous Type via .htaccess Extension Bypass
Apr 26, 2023
CVSS 7.2
EPSS 0.01
CVE-2022-25276
MEDIUM
Drupal 9.3.0-9.3.18 and Drupal Core 8.0.0-9.3.18 - Cross-Site Scripting via Media oEmbed Iframe Domain Validation
Apr 26, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-25275
HIGH
Drupal 7.0-7.90 - Unauthenticated Unrestricted File Access via Image Style Derivative Generation
Apr 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-25274
MEDIUM
Drupal 9.3.0-9.3.11 - Incorrect Authorization in Entity Revision Access API
Apr 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-25273
HIGH
Drupal 8.0.0-9.2.17 - Improper Input Validation in Form API
Apr 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-39261
HIGH
Twig < 1.44.7, 2.x < 2.15.3, 3.x < 3.4.3 - Path Traversal via Namespace Bypass
Sep 28, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31160
MEDIUM
jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh
Jul 20, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-31043
HIGH
Guzzle < 6.5.7 - Sensitive Information Exposure via HTTPS to HTTP Redirect
Jun 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31042
HIGH
Guzzle < 6.5.7 - Sensitive Cookie Header Exposure via Redirect Handling
Jun 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-26493
CRITICAL
miniOrange Premium-Enterprise Drupal SAML SP - Auth Bypass
Jun 03, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-29248
HIGH
Guzzle < 6.5.6 - Cookie Domain Validation Bypass
May 25, 2022
CVSS 8.0
EPSS 0.01
CVE-2022-24775
HIGH
Drupal < 9.2.16 - Improper Input Validation
Mar 21, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-24729
MEDIUM
CKEditor 4.0-4.17.2 - Denial of Service via Dialog Input Validator Regex
Mar 16, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-24728
MEDIUM
CKEditor 4 < 4.18.0 - Stored Cross-Site Scripting via HTML Sanitization Bypass
Mar 16, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25270
MEDIUM
Drupal 9.2.0-9.2.12 and 9.3.0-9.3.5 - Incorrect Authorization in Quick Edit Module
Feb 17, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-25271
HIGH
Drupal 7.0.0-7.87 and 9.3.0-9.3.5 - Improper Input Validation in Form API
Feb 16, 2022
CVSS 7.5
EPSS 0.01
CVE-2021-41165
HIGH
CKEditor < 4.17.0 - Stored Cross-Site Scripting via Malformed HTML Comment Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-41164
HIGH
CKEditor 4 < 4.17.0 - Stored Cross-Site Scripting via Advanced Content Filter Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-41184
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.45
CVE-2021-41183
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.08
CVE-2021-41182
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.42
CVE-2021-33829
MEDIUM
NUCLEI
CKEditor 4.14.0-4.16.0 - Cross-Site Scripting via HTML Comment Parsing
Jun 09, 2021
CVSS 6.1
EPSS 0.03
CVE-2020-13677
HIGH
Drupal 8.0.0-8.9.18 - Improper Access Control in JSON:API Module
Feb 11, 2022
CVSS 7.5
EPSS 0.01
CVE-2020-13676
MEDIUM
Drupal 8.9.0-8.9.18 and Drupal Core 8.0.0-8.9.18 - Improper Access Control in QuickEdit Module
Feb 11, 2022
CVSS 6.5
EPSS 0.01
Products
drupal 274
core 95
Drupal core 10
core-recommended 6
project_issue_tracking_module 6
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
AI (Artificial Intelligence) 3
Drupal Canvas 3
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
AI Agents 2
Advanced Content Feedback (aka admin_feedback) 2
Anti-Spam by CleanTalk 2
File Access Fix (deprecated) 2
FlowDrop 2
Login Disable 2
Paragraphs 2
SAML SSO - Service Provider 2
Tagify 2
activity 2
ajax_checklist 2
artificial_intelligence 2
Quick Filters