drupal
557 tracked vulnerabilities.
CVE-2019-11876
MEDIUM
PrestaShop 1.7.5.2 - Reflected Cross-Site Scripting via Shop Country Parameter
May 24, 2019
CVSS 6.1
EPSS 0.01
CVE-2019-10911
HIGH
Sensiolabs Symfony < 2.7.51 - Authentication Bypass
May 16, 2019
CVSS 7.5
EPSS 0.01
CVE-2019-10910
CRITICAL
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - SQLi & RCE via Service ID
May 16, 2019
CVSS 9.8
EPSS 0.06
CVE-2019-10909
MEDIUM
Symfony 2.7.0-2.7.50, 2.8.0-2.8.49, 3.0.0-3.4.25, 4.0.0-4.1.11, 4.2.0-4.2.6 - XSS in Validation Messages
May 16, 2019
CVSS 5.4
EPSS 0.01
CVE-2019-11831
CRITICAL
PharStreamWrapper <2.1.1-3.1.1 - Path Traversal
May 09, 2019
CVSS 9.8
EPSS 0.06
CVE-2019-11358
MEDIUM
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
Apr 20, 2019
CVSS 6.1
EPSS 0.87
CVE-2019-6341
MEDIUM
Drupal 7 < 7.65 - Cross-Site Scripting via File Upload
Mar 26, 2019
CVSS 5.4
EPSS 0.12
CVE-2019-6340
HIGH
KEVNUCLEI
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Feb 21, 2019
CVSS 8.1
EPSS 0.92
CVE-2019-6339
CRITICAL
Drupal Core < 7.62 - Remote Code Execution via phar:// Stream Wrapper
Jan 22, 2019
CVSS 9.8
EPSS 0.33
CVE-2019-6338
HIGH
Drupal 7.x < 7.62 - Deserialization of Untrusted Data via PEAR Archive_Tar Library
Jan 22, 2019
CVSS 8.0
EPSS 0.02
CVE-2018-25085
LOW
Drupal Responsive Menus < 7.x-1.7 - Cross-Site Scripting in Configuration Setting Handler
May 01, 2023
CVSS 2.4
EPSS 0.00
CVE-2018-14773
MEDIUM
Symfony Http Foundation Web Cache Poisoning via X-Original-URL or X-Rewrite-URL Header
Aug 03, 2018
CVSS 6.5
EPSS 0.58
CVE-2018-7602
CRITICAL
KEVNUCLEI
Drupal 7.x < 7.59 - Remote Code Execution
Jul 19, 2018
CVSS 9.8
EPSS 0.99
CVE-2018-9861
MEDIUM
CKEditor Enhanced Image 4.5.10-4.9.1 - Cross-Site Scripting via Crafted IMG Element
Apr 19, 2018
CVSS 6.1
EPSS 0.02
CVE-2018-9205
HIGH
NUCLEI
Drupal Avatar Uploader 7.x-1.0-beta8 - Unauthenticated Path Traversal
Apr 04, 2018
CVSS 7.5
EPSS 0.57
CVE-2018-7600
CRITICAL
KEVNUCLEI
Drupal Drupalgeddon 2 Forms API Property Injection
Mar 29, 2018
CVSS 9.8
EPSS 1.00
CVE-2017-6923
MEDIUM
Drupal 8.x <8.3.7 - Info Disclosure
Jan 22, 2019
CVSS 6.5
EPSS 0.02
CVE-2017-6922
MEDIUM
Drupal Core <8.3.4 & 7.x <7.56 - Auth Bypass
Jan 22, 2019
CVSS 6.5
EPSS 0.02
CVE-2017-6921
MEDIUM
Drupal 8.0.0-8.3.3 - Authenticated Arbitrary File Manipulation via REST File Resource
Jan 15, 2019
CVSS 5.9
EPSS 0.02
CVE-2017-6924
HIGH
Drupal 8.0.0-8.3.6 - Improper Privilege Management via REST API Comment Approval
Jan 15, 2019
CVSS 7.4
EPSS 0.02
CVE-2017-6925
CRITICAL
Drupal 8 core <8.3.7 - Info Disclosure
Jan 15, 2019
CVSS 9.8
EPSS 0.03
CVE-2017-6920
CRITICAL
Drupal 8.0.0-8.3.3 - Remote Code Execution via PECL YAML Parser
Aug 06, 2018
CVSS 9.8
EPSS 0.20
CVE-2017-6932
MEDIUM
Drupal 7.x < 7.57 - Open Redirect via Language Switcher Block
Mar 01, 2018
CVSS 4.7
EPSS 0.01
CVE-2017-6931
MEDIUM
Drupal 8.4.x <8.4.5 - Privilege Escalation
Mar 01, 2018
CVSS 6.5
EPSS 0.01
CVE-2017-6930
HIGH
Drupal 8.4.0-8.4.4 - Access Bypass via Node Translation Fallback
Mar 01, 2018
CVSS 8.1
EPSS 0.01
Products
drupal 274
core 95
Drupal core 10
core-recommended 6
project_issue_tracking_module 6
print 5
aggregation_module 4
ai 4
everyblog 4
project 4
ubercart_module 4
AI (Artificial Intelligence) 3
Drupal Canvas 3
Drupal Core 3
OpenID Connect / OAuth client 3
content_construction_kit 3
drupal_project_issue_tracking 3
shindig-integrator 3
AI Agents 2
Advanced Content Feedback (aka admin_feedback) 2
Anti-Spam by CleanTalk 2
File Access Fix (deprecated) 2
FlowDrop 2
Login Disable 2
Paragraphs 2
SAML SSO - Service Provider 2
Tagify 2
activity 2
ajax_checklist 2
artificial_intelligence 2
Quick Filters