Drupal

Drupal

276 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Warnung Medienbericht
  • EPSS 84.63%
  • Veröffentlicht 20.05.2026 18:20:52
  • Zuletzt bearbeitet 21.05.2026 15:24:25

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before ...

  • EPSS 0.2%
  • Veröffentlicht 19.05.2026 22:28:07
  • Zuletzt bearbeitet 20.05.2026 22:58:38

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.0 before 11.3.7.

  • EPSS 0.4%
  • Veröffentlicht 19.05.2026 22:27:46
  • Zuletzt bearbeitet 20.05.2026 22:59:40

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2....

  • EPSS 0.24%
  • Veröffentlicht 19.05.2026 22:27:21
  • Zuletzt bearbeitet 20.05.2026 22:59:58

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11....

Exploit
  • EPSS 0.2%
  • Veröffentlicht 28.01.2026 18:56:05
  • Zuletzt bearbeitet 09.03.2026 14:39:22

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.

  • EPSS 0.3%
  • Veröffentlicht 26.11.2025 01:28:33
  • Zuletzt bearbeitet 26.03.2026 21:17:00

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing Java...

  • EPSS 0.25%
  • Veröffentlicht 18.11.2025 16:55:37
  • Zuletzt bearbeitet 08.01.2026 16:15:44

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6,...

  • EPSS 0.2%
  • Veröffentlicht 18.11.2025 16:55:16
  • Zuletzt bearbeitet 24.11.2025 17:42:59

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 befo...

  • EPSS 0.23%
  • Veröffentlicht 18.11.2025 16:54:56
  • Zuletzt bearbeitet 24.11.2025 17:43:15

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9,...

  • EPSS 0.29%
  • Veröffentlicht 18.11.2025 16:54:32
  • Zuletzt bearbeitet 24.11.2025 17:43:22

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2....