CVE-2026-9082
- EPSS 84.63%
- Veröffentlicht 20.05.2026 18:20:52
- Zuletzt bearbeitet 21.05.2026 15:24:25
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before ...
CVE-2026-6367
- EPSS 0.2%
- Veröffentlicht 19.05.2026 22:28:07
- Zuletzt bearbeitet 20.05.2026 22:58:38
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.0 before 11.3.7.
CVE-2026-6366
- EPSS 0.4%
- Veröffentlicht 19.05.2026 22:27:46
- Zuletzt bearbeitet 20.05.2026 22:59:40
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2....
CVE-2026-6365
- EPSS 0.24%
- Veröffentlicht 19.05.2026 22:27:21
- Zuletzt bearbeitet 20.05.2026 22:59:58
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11....
CVE-2026-0749
- EPSS 0.2%
- Veröffentlicht 28.01.2026 18:56:05
- Zuletzt bearbeitet 09.03.2026 14:39:22
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.
CVE-2025-12848
- EPSS 0.3%
- Veröffentlicht 26.11.2025 01:28:33
- Zuletzt bearbeitet 26.03.2026 21:17:00
Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing Java...
CVE-2025-13083
- EPSS 0.25%
- Veröffentlicht 18.11.2025 16:55:37
- Zuletzt bearbeitet 08.01.2026 16:15:44
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6,...
CVE-2025-13082
- EPSS 0.2%
- Veröffentlicht 18.11.2025 16:55:16
- Zuletzt bearbeitet 24.11.2025 17:42:59
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 befo...
CVE-2025-13081
- EPSS 0.23%
- Veröffentlicht 18.11.2025 16:54:56
- Zuletzt bearbeitet 24.11.2025 17:43:15
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9,...
CVE-2025-13080
- EPSS 0.29%
- Veröffentlicht 18.11.2025 16:54:32
- Zuletzt bearbeitet 24.11.2025 17:43:22
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2....