Filtered by vendor Drupal
Total: 853 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22362 | 1 Drupal | 1 Drupal | 2025-06-20 | N/A | 7.5 HIGH |
Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. | |||||
CVE-2025-48915 | 1 Drupal | 1 Cookies Consent Management | 2025-06-18 | N/A | 8.6 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15. | |||||
CVE-2025-48914 | 1 Drupal | 1 Cookies Consent Management | 2025-06-18 | N/A | 8.6 HIGH |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15. | |||||
CVE-2025-31675 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5. | |||||
CVE-2025-31673 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 4.6 MEDIUM |
Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | |||||
CVE-2024-55638 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. | |||||
CVE-2024-55637 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. | |||||
CVE-2024-55636 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 9.8 CRITICAL |
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization vulnerability exists on the site. This so-called gadget chain presents no direct threat, but is a vector that can be used to achieve remote code execution if the application deserializes untrusted data due to another vulnerability. | |||||
CVE-2024-55635 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 7.0 before 7.102. | |||||
CVE-2024-55634 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 8.1 HIGH |
A vulnerability in Drupal Core allows Privilege Escalation. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | |||||
CVE-2024-12393 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | |||||
CVE-2024-11942 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 5.9 MEDIUM |
A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10. | |||||
CVE-2024-11941 | 1 Drupal | 1 Drupal | 2025-06-02 | N/A | 7.5 HIGH |
A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. | |||||
CVE-2025-3474 | 1 Drupal | 1 Panels | 2025-05-01 | N/A | 6.5 MEDIUM |
Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Panels: from 0.0.0 before 4.9.0. | |||||
CVE-2025-31692 | 1 Drupal | 1 Artificial Intelligence | 2025-05-01 | N/A | 7.5 HIGH |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5. | |||||
CVE-2025-31674 | 1 Drupal | 1 Drupal | 2025-05-01 | N/A | 7.5 HIGH |
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3. | |||||
CVE-2025-3130 | 1 Drupal | 1 Obfuscate | 2025-04-29 | N/A | 5.4 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.1. | |||||
CVE-2025-3131 | 1 Drupal | 1 Eca | 2025-04-22 | N/A | 5.4 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery. This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*. | |||||
CVE-2024-45440 | 1 Drupal | 1 Drupal | 2025-04-21 | N/A | 5.3 MEDIUM |
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist. | |||||
CVE-2017-6379 | 1 Drupal | 1 Drupal | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID. |