Vulmon
drupal core vulnerabilities and exploits
8.8
CVSSv3
CVE-2020-13663
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Drupal Drupal
7.5
CVSSv3
CVE-2020-13677
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
Drupal Drupal
9.8
CVSSv3
CVE-2020-13665
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions before 8.8.8; 8.9.x versions before ...
Drupal Drupal
9.8
CVSSv3
CVE-2017-6920
Drupal core 8 prior to 8.3.4 allows remote malicious users to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Drupal Drupal
2 Github repositories
6.1
CVSSv3
CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
Drupal Drupal
8.8
CVSSv3
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker c...
Drupal Drupal
8.1
CVSSv3
CVE-2019-6340
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x prior to 8.5.11 and Drupal 8.6.x prior to 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site ...
Drupal Drupal
3 EDB exploits
27 Github repositories
1 Article
NA
CVE-2007-5596
The core Upload module in Drupal 4.7.x prior to 4.7.8 and 5.x prior to 5.3 places the .html extension on a whitelist, which allows remote malicious users to conduct cross-site scripting (XSS) attacks by uploading .html files.
Drupal Drupal
NA
CVE-2009-2372
Drupal 6.x prior to 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via...
Drupal Drupal
NA
CVE-2008-4792
The core BlogAPI module in Drupal 5.x prior to 5.11 and 6.x prior to 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values.
Drupal Drupal