Drupal

Drupal

271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-12848

  • EPSS 0.04%
  • Veröffentlicht 26.11.2025 01:28:33
  • Zuletzt bearbeitet 05.12.2025 14:44:25

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing Java...

3.7

CVE-2025-13083

  • EPSS 0.04%
  • Veröffentlicht 18.11.2025 16:55:37
  • Zuletzt bearbeitet 24.11.2025 17:42:44

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6,...

4.3

CVE-2025-13082

  • EPSS 0.03%
  • Veröffentlicht 18.11.2025 16:55:16
  • Zuletzt bearbeitet 24.11.2025 17:42:59

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 befo...

5.9

CVE-2025-13081

  • EPSS 0.11%
  • Veröffentlicht 18.11.2025 16:54:56
  • Zuletzt bearbeitet 24.11.2025 17:43:15

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9,...

5.3

CVE-2025-13080

  • EPSS 0.05%
  • Veröffentlicht 18.11.2025 16:54:32
  • Zuletzt bearbeitet 24.11.2025 17:43:22

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2....

6.1

CVE-2025-3057

  • EPSS 0.05%
  • Veröffentlicht 31.03.2025 22:15:23
  • Zuletzt bearbeitet 15.04.2025 14:31:28

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0...

5.4

CVE-2025-31675

  • EPSS 0.05%
  • Veröffentlicht 31.03.2025 22:15:20
  • Zuletzt bearbeitet 02.06.2025 16:25:25

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0...

4.6

CVE-2025-31673

  • EPSS 0.07%
  • Veröffentlicht 31.03.2025 22:15:19
  • Zuletzt bearbeitet 02.06.2025 16:25:04

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

7.5

CVE-2025-31674

  • EPSS 0.3%
  • Veröffentlicht 31.03.2025 22:15:19
  • Zuletzt bearbeitet 01.05.2025 14:35:58

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.1...

5.4

CVE-2024-12393

  • EPSS 0.4%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:21:01

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0...