drupal
509 tracked vulnerabilities.
CVE-2017-6931
MEDIUM
Drupal 8.4.x <8.4.5 - Privilege Escalation
Mar 01, 2018
CVSS 6.5
EPSS 0.00
CVE-2017-6930
HIGH
Drupal 8.4.0-8.4.4 - Access Bypass via Node Translation Fallback
Mar 01, 2018
CVSS 8.1
EPSS 0.00
CVE-2017-6929
MEDIUM
Drupal 7.0-7.56 and 8.0-8.3.x - Cross-Site Scripting via jQuery Ajax Requests
Mar 01, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-6928
MEDIUM
Drupal core 7.x <7.57 - Auth Bypass
Mar 01, 2018
CVSS 5.3
EPSS 0.00
CVE-2017-6927
MEDIUM
Drupal 8.4.x <8.4.5 & 7.x <7.57 - XSS
Mar 01, 2018
CVSS 6.1
EPSS 0.01
CVE-2017-6926
HIGH
Drupal 8.4.x <8.4.5 - Info Disclosure
Mar 01, 2018
CVSS 8.1
EPSS 0.00
CVE-2017-6919
HIGH
Drupal 8 <8.2.8, <8.3.1 - Auth Bypass
Apr 20, 2017
CVSS 7.5
EPSS 0.01
CVE-2017-6381
HIGH
Drupal < 8.2.2 - Remote Code Execution via Third-Party Development Library
Mar 16, 2017
CVSS 8.1
EPSS 0.03
CVE-2017-6379
HIGH
Drupal 8.2.x < 8.2.7 - Cross-Site Request Forgery in Administrative Paths
Mar 16, 2017
CVSS 7.5
EPSS 0.00
CVE-2017-6377
HIGH
Drupal 8.2.x < 8.2.7 - Incorrect Authorization in Private File Editor
Mar 16, 2017
CVSS 7.5
EPSS 0.00
CVE-2016-9452
MEDIUM
Drupal < 8.2.3 - Denial of Service via Transliterate Mechanism
Nov 25, 2016
CVSS 6.5
EPSS 0.00
CVE-2016-9451
MEDIUM
Drupal 7.x < 7.52 - Authenticated Open Redirect
Nov 25, 2016
CVSS 6.8
EPSS 0.00
CVE-2016-9450
HIGH
Drupal 8.x < 8.2.3 - Cache Poisoning via Password Reset Form
Nov 25, 2016
CVSS 7.5
EPSS 0.00
CVE-2016-9449
MEDIUM
Drupal 7.x < 7.52 and 8.x < 8.2.3 - Authenticated Sensitive Information Exposure via Taxonomy Module
Nov 25, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-7572
MEDIUM
Drupal 8.x < 8.1.10 - Authenticated Configuration Export Access Bypass
Oct 03, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-7571
MEDIUM
Drupal 8.x < 8.1.10 - Cross-Site Scripting via HTTP Exception
Oct 03, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-7570
MEDIUM
Drupal 8.x < 8.1.10 - Authenticated Comment Visibility Manipulation
Oct 03, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-6212
MEDIUM
Drupal <7.3.14, <8.1.3 - Auth Bypass
Sep 09, 2016
CVSS 5.3
EPSS 0.01
CVE-2016-6211
HIGH
Drupal 7.x <7.44 - Privilege Escalation
Sep 09, 2016
CVSS 8.8
EPSS 0.01
CVE-2016-5385
HIGH
Oracle Communications User Data Repository < 5.09 - Open Redirect
Jul 19, 2016
CVSS 8.1
EPSS 0.84
CVE-2016-3171
HIGH
Drupal 6.x < 6.38 - Remote Code Execution via Session Data Truncation
Apr 12, 2016
CVSS 8.1
EPSS 0.08
CVE-2016-3170
MEDIUM
Debian Linux < 7.43 - Information Disclosure
Apr 12, 2016
CVSS 5.3
EPSS 0.00
CVE-2016-3169
HIGH
Debian Linux < 6.38 - Access Control
Apr 12, 2016
CVSS 8.1
EPSS 0.01
CVE-2016-3168
MEDIUM
Drupal 6.x < 6.38 and 7.x < 7.43 - Reflected File Download via JSON Content
Apr 12, 2016
CVSS 6.4
EPSS 0.01
CVE-2016-3167
HIGH
Drupal 6.x < 6.38 - Open Redirect via Double-Encoded Destination Parameter
Apr 12, 2016
CVSS 7.4
EPSS 0.01
Products
drupal 273
core 91
core-recommended 6
project_issue_tracking_module 6
Drupal core 5
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
File Access Fix (deprecated) 2
activity 2
ajax_checklist 2
artificial_intelligence 2
bibliography_module 2
brilliant_gallery 2
chatroom_module 2
civictheme 2
cookies_consent_management 2
custom_search_module 2
data 2
database_administration_module 2
drupal_easylinks_module 2
google_tag 2