Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal core vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2020-13672
Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions before 9.1.7; 9.0.x versions before 9.0.12; 8.9.x versions before 8.9.14; 7.x ...
Drupal Drupal
4.3
CVSSv2
CVE-2020-13677
Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.
Drupal Drupal
3.5
CVSSv2
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, w...
Ckeditor Ckeditor
Drupal Drupal
Oracle Webcenter Portal 12.2.1.3.0
Oracle Agile Product Lifecycle Management 9.3.6
Oracle Banking Digital Experience 19.1
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Portal 12.2.1.4.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Banking Digital Experience 21.1
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience
Oracle Application Express
6.8
CVSSv2
CVE-2020-13663
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Drupal Drupal
4.3
CVSSv2
CVE-2020-13688
Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions before 8.8.10; 8.9.X versions before 8.9.6; 9.0.X versions ...
Drupal Drupal
4.3
CVSSv2
CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 up to and including 4.16.x prior to 4.16.1 allows remote malicious users to inject executable JavaScript code through a crafted comment because --!> is mishandled.
Ckeditor Ckeditor
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2020-13667
Access bypass vulnerability in of Drupal Core Workspaces allows an malicious user to access data without correct permissions. The Workspaces module doesn't sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker...
Drupal Drupal
5.8
CVSSv2
CVE-2020-13662
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
Drupal Drupal
7.5
CVSSv2
CVE-2020-13665
Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions before 8.8.8; 8.9.x versions before ...
Drupal Drupal
9.3
CVSSv2
CVE-2020-13664
Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker c...
Drupal Drupal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »