Vulnerabilities in Drupal

309 results
CVE-2018-7602 | CRITICAL | Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004 | EPSS 99.1% | KEV
CVE-2019-6340 | HIGH | Drupal core - Highly critical - Remote Code Execution | EPSS 91.9% | KEV
CVE-2026-9082 | CRITICAL | Drupal core - Highly critical - SQL injection - SA-CORE-2026-004 | EPSS 84.6% | KEV
CVE-2019-6339 | PHAR stream wrapper Arbitrary PHP code execution | EPSS 33.2%
CVE-2019-6341 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-004 | EPSS 12.4%
CVE-2024-45440 | MEDIUM | core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_co | EPSS 9.3%
CVE-2020-13671 | HIGH | Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect exten | EPSS 4.3% | KEV
CVE-2017-6381 | A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated b | EPSS 3.9%
CVE-2020-13664 | Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visitin | EPSS 3.0%
CVE-2020-13666 | Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue | EPSS 2.9%
CVE-2019-6338 | third-party PEAR Archive_Tar library updates | EPSS 2.3%
CVE-2017-6924 | REST API can bypass comment approval - Access Bypass - Moderately Critical | EPSS 2.1%
CVE-2017-6922 | Files uploaded by anonymous users into a private file system can be accessed by other anonymous users | EPSS 1.9%
CVE-2017-6377 | When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attach | EPSS 1.9%
CVE-2017-6921 | File REST resource does not properly validate | EPSS 1.8%
CVE-2017-6923 | Access bypass in Drupal 8 views | EPSS 1.6%
CVE-2019-6342 | Drupal core - Critical - Access bypass - SA-CORE-2019-008 | EPSS 1.6%
CVE-2022-25277 | HIGH | Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots fro | EPSS 1.4%
CVE-2020-13665 | Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FA | EPSS 1.3%
CVE-2022-25271 | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation | EPSS 1.2%