drupal
509 tracked vulnerabilities.
CVE-2016-3166
MEDIUM
Drupal 6.x < 6.38 - CRLF Injection
Apr 12, 2016
CVSS 5.9
EPSS 0.00
CVE-2016-3165
HIGH
Drupal 6.x < 6.38 - Improper Access Control via Form API Submit Button
Apr 12, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-3164
HIGH
Drupal 6.x < 6.38, 7.x < 7.43, 8.x < 8.0.4 - Open Redirect via Path Manipulation
Apr 12, 2016
CVSS 7.4
EPSS 0.01
CVE-2016-3163
HIGH
Debian Linux < 7.43 - Security Feature Bypass
Apr 12, 2016
CVSS 7.5
EPSS 0.01
CVE-2016-3162
HIGH
Drupal 7.x < 7.43 and 8.x < 8.0.4 - Authenticated Improper Access Control in File Module
Apr 12, 2016
CVSS 8.1
EPSS 0.00
CVE-2015-7943
MEDIUM
Drupal < 7.41, jQuery Update < 7.2.7, LABjs < 7.1.8 - Open Redirect
Oct 18, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-7880
MEDIUM
Drupal Entity Reg < 7.x-1.5 - Info Disclosure
Sep 13, 2017
CVSS 4.3
EPSS 0.00
CVE-2015-2750
MEDIUM
Drupal 6.x < 6.35 and 7.x < 7.35 - Open Redirect via URL API Functions
Sep 13, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-2749
MEDIUM
Drupal 6.x < 6.35 and 7.x < 7.35 - Open Redirect via Destination Parameter
Sep 13, 2017
CVSS 6.1
EPSS 0.01
CVE-2015-6665
Fedora - Cross-Site Scripting
Aug 24, 2015
EPSS 0.01
CVE-2015-6661
Drupal 6.x < 6.37 and 7.x < 7.39 - Unauthenticated Sensitive Node Title Exposure via Menu
Aug 24, 2015
EPSS 0.01
CVE-2015-6660
Drupal 6.x < 6.37 and 7.x < 7.39 - Cross-Site Request Forgery via File Upload Value Callbacks
Aug 24, 2015
EPSS 0.00
CVE-2015-6659
Drupal 7.x < 7.39 - SQL Injection via SQL Comment Filtering
Aug 24, 2015
EPSS 0.14
CVE-2015-6658
Drupal 6.x < 6.37 and 7.x < 7.39 - Cross-Site Scripting via Autocomplete File Upload
Aug 24, 2015
EPSS 0.01
CVE-2015-3234
Drupal 6.x < 6.36 and 7.x < 7.38 - Unauthenticated Account Takeover via OpenID Provider Spoofing
Jun 22, 2015
EPSS 0.00
CVE-2015-3233
Drupal 7.x < 7.38 - Open Redirect via Overlay Module
Jun 22, 2015
EPSS 0.05
CVE-2015-3232
Drupal 7.x < 7.38 - Open Redirect via Field UI Destinations Parameter
Jun 22, 2015
EPSS 0.00
CVE-2015-3231
Drupal 7.x < 7.38 - Authenticated Exposure of Sensitive Information via Render Cache
Jun 22, 2015
EPSS 0.00
CVE-2015-2559
Debian Linux < 6.35 - Improper Access Control
Mar 25, 2015
EPSS 0.00
CVE-2014-5170
CRITICAL
Drupal Storage API < 7.x-1.6 - Remote Code Execution via .htaccess Misconfiguration
Mar 29, 2018
CVSS 9.8
EPSS 0.08
CVE-2014-9016
Drupal 7.x < 7.34 and Secure Password Hashes 6.x-2.x < 6.x-2.1 - Denial of Service via Password Hashing API
Nov 24, 2014
EPSS 0.80
CVE-2014-9015
Drupal 6.x < 6.34 and 7.x < 7.34 - Session Hijacking via HTTP/HTTPS Request Handling
Nov 24, 2014
EPSS 0.02
CVE-2014-8734
Drupal Organic Groups Menu < 7.x-2.2 - Authenticated Settings Modification
Nov 12, 2014
EPSS 0.00
CVE-2014-8296
Drupal Modal Frame API module 6.x-1.x < 6.x-1.9 - Cross-Site Scripting
Oct 16, 2014
EPSS 0.00
CVE-2014-3704
NUCLEI
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
Oct 16, 2014
EPSS 0.94
Products
drupal 273
core 91
core-recommended 6
project_issue_tracking_module 6
Drupal core 5
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
File Access Fix (deprecated) 2
activity 2
ajax_checklist 2
artificial_intelligence 2
bibliography_module 2
brilliant_gallery 2
chatroom_module 2
civictheme 2
cookies_consent_management 2
custom_search_module 2
data 2
database_administration_module 2
drupal_easylinks_module 2
google_tag 2