Vulnerabilities in Drupal

309 results

Vexday analysis

O Drupal acumula 309 CVEs catalogadas, com 23 classificadas como críticas e 4 confirmadas em exploração ativa pelo catálogo KEV da CISA — uma taxa que é 2,9 vezes acima da média geral do catálogo, o que indica risco operacional concreto e não meramente teórico. A CVE mais perigosa em exploração ativa, CVE-2018-7602, apresenta EPSS de 0,9907, sinalizando altíssima probabilidade de exploração e exigindo atenção imediata em ambientes que ainda não aplicaram a correção correspondente. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão recorrente em plataformas de gerenciamento de conteúdo que requer controles rigorosos de sanitização de entrada e saída. As 14 CVEs surgidas nos últimos 90 dias e a existência de 6 vulnerabilidades com PoC pública reforçam a necessidade de ciclos de patching frequentes e monitoramento contínuo para instalações Drupal em produção.

CVE-2025-47701HIGHRestrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047EPSS 0.2%CVE-2024-13304MEDIUMMinify JS - Moderately critical - Cross site request forgery - SA-CONTRIB-2024-070EPSS 0.2%CVE-2026-3530MEDIUMOpenID Connect / OAuth client - Moderately critical - Server-side request forgery, Information disclosure - SA-CONTRIB-2026-025EPSS 0.2%CVE-2025-31680MEDIUMMatomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008EPSS 0.2%CVE-2025-31683MEDIUMGoogle Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012EPSS 0.2%CVE-2025-31684MEDIUMOAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013EPSS 0.2%CVE-2025-48921HIGHOpen Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079EPSS 0.2%CVE-2026-1554MEDIUMCentral Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007EPSS 0.2%CVE-2026-0946MEDIUMAT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003EPSS 0.1%CVE-2026-2349MEDIUMUI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010EPSS 0.1%CVE-2025-3131MEDIUMECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031EPSS 0.1%CVE-2025-12761LOWSimple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116EPSS 0.1%CVE-2025-13979MEDIUMMini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117EPSS 0.1%CVE-2026-0947MEDIUMAT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004EPSS 0.1%CVE-2025-13984MEDIUMNext.js - Critical - Access bypass - SA-CONTRIB-2025-122EPSS 0.1%CVE-2024-13261LOWAcquia DAM - Moderately critical - Cross Site Request Forgery, Denial of Service - SA-CONTRIB-2024-025EPSS 0.1%CVE-2026-1553MEDIUMDrupal Canvas - Moderately critical - Access bypass - SA-CONTRIB-2026-006EPSS 0.1%CVE-2026-3212MEDIUMTagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013EPSS 0.1%CVE-2026-2348MEDIUMQuick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009EPSS 0.1%CVE-2025-13983MEDIUMTagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121EPSS 0.1%

← previouspage 15 / 16next →