Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-13688
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions before 8.8.10; 8.9.X versions before 8.9.6; 9.0.X versions ...
Drupal Drupal
6.1
CVSSv3
CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 up to and including 4.16.x prior to 4.16.1 allows remote malicious users to inject executable JavaScript code through a crafted comment because --!> is mishandled.
Ckeditor Ckeditor
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
Debian Debian Linux 9.0
5.3
CVSSv3
CVE-2020-13667
Access bypass vulnerability in of Drupal Core Workspaces allows an malicious user to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker...
Drupal Drupal
6.1
CVSSv3
CVE-2020-13662
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
Drupal Drupal
8.8
CVSSv3
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker c...
Drupal Drupal
9.8
CVSSv3
CVE-2020-13665
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions before 8.8.8; 8.9.x versions before ...
Drupal Drupal
6.1
CVSSv3
CVE-2020-13666
Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions before 7.73; 8.8.x versions before 8.8.10; 8.9.x versions before 8.9.6; 9.0.x versions before 9.0....
Drupal Drupal
7.5
CVSSv3
CVE-2020-36193
Tar.php in Archive_Tar up to and including 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Php Archive Tar
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
7.5
CVSSv3
CVE-2019-25012
The Webform Report project 7.x-1.x-dev for Drupal allows remote malicious users to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.
Webform Report Project Webform Report 7.x-1.x-dev
8.8
CVSSv3
CVE-2018-25002
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.
Sunhater Kcfinder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »