Drupal vulnerabilities

309 results
CVE-2020-13675 (EPSS 1.2%): Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, wh
CVE-2011-2714 (EPSS 1.2%): A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions,
CVE-2010-2471 (EPSS 1.1%): Drupal versions 5.x and 6.x has open redirection
CVE-2020-13670 (EPSS 1.1%): Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent pri
CVE-2011-2715 (EPSS 1.1%): An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column nam
CVE-2020-13677 (EPSS 1.0%): Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintend
CVE-2024-55638 (CRITICAL, EPSS 1.0%): Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
CVE-2020-13667 (EPSS 0.9%): Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces modul
CVE-2024-55636 (CRITICAL, EPSS 0.9%): Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
CVE-2020-13662 (EPSS 0.9%): Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to a
CVE-2024-55637 (CRITICAL, EPSS 0.8%): Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
CVE-2018-7603 (EPSS 0.8%): Search Autocomplete
CVE-2020-13676 (EPSS 0.8%): The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.
CVE-2017-6379 (EPSS 0.8%): Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blo
CVE-2022-25270 (EPSS 0.8%): The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place edit
CVE-2025-31693 (MEDIUM, EPSS 0.7%): AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
CVE-2025-31692 (HIGH, EPSS 0.7%): AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021
CVE-2020-13663 (EPSS 0.7%): Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which
CVE-2023-5256 (HIGH, EPSS 0.7%): Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
CVE-2020-13668 (EPSS 0.7%): Access bypass in Drupal Core 8/9