Vulnerabilities in Drupal
309 results

CVE-2024-13268 | MEDIUM | Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032 | EPSS 0.5%
CVE-2020-13674 | — | The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and | EPSS 0.4%
CVE-2024-11941 | HIGH | Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 | EPSS 0.4%
CVE-2024-13264 | CRITICAL | Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028 | EPSS 0.4%
CVE-2024-13279 | CRITICAL | Two-factor Authentication (TFA) - Critical - Access bypass - SA-CONTRIB-2024-043 | EPSS 0.4%
CVE-2024-13285 | CRITICAL | wkhtmltopdf - Highly critical - Unsupported - SA-CONTRIB-2024-049 | EPSS 0.4%
CVE-2025-31675 | MEDIUM | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 | EPSS 0.4%
CVE-2025-3061 | MEDIUM | Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006 | EPSS 0.4%
CVE-2025-3062 | MEDIUM | Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010 | EPSS 0.4%
CVE-2022-25274 | MEDIUM | Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permi | EPSS 0.4%
CVE-2026-0748 | MEDIUM | Access bypass in Drupal 7 i18n_node translation UI | EPSS 0.4%
CVE-2024-55634 | HIGH | Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 | EPSS 0.4%
CVE-2026-6366 | MEDIUM | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002 | EPSS 0.4%
CVE-2025-3059 | MEDIUM | Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002 | EPSS 0.4%
CVE-2024-13280 | CRITICAL | Persistent Login - Moderately critical - Access bypass - SA-CONTRIB-2024-044 | EPSS 0.4%
CVE-2024-13297 | MEDIUM | Eloqua - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-063 | EPSS 0.4%
CVE-2024-13296 | MEDIUM | Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062 | EPSS 0.4%
CVE-2024-13295 | MEDIUM | Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061 | EPSS 0.4%
CVE-2026-1556 | MEDIUM | Information disclosure via file URI overwrite in File (Field) Paths | EPSS 0.4%
CVE-2024-13256 | HIGH | Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020 | EPSS 0.4%