Drupal

Drupal

272 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2026-0749

  • EPSS 0.05%
  • Veröffentlicht 28.01.2026 18:56:05
  • Zuletzt bearbeitet 29.01.2026 16:31:00

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Form Builder allows Cross-Site Scripting (XSS).This issue affects Drupal: from 7.X-1.0 through 7.X-1.22.

6.1

CVE-2025-12848

  • EPSS 0.07%
  • Veröffentlicht 26.11.2025 01:28:33
  • Zuletzt bearbeitet 05.12.2025 14:44:25

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing Java...

3.7

CVE-2025-13083

  • EPSS 0.06%
  • Veröffentlicht 18.11.2025 16:55:37
  • Zuletzt bearbeitet 08.01.2026 16:15:44

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6,...

4.3

CVE-2025-13082

  • EPSS 0.05%
  • Veröffentlicht 18.11.2025 16:55:16
  • Zuletzt bearbeitet 24.11.2025 17:42:59

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 befo...

5.9

CVE-2025-13081

  • EPSS 0.16%
  • Veröffentlicht 18.11.2025 16:54:56
  • Zuletzt bearbeitet 24.11.2025 17:43:15

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9,...

5.3

CVE-2025-13080

  • EPSS 0.08%
  • Veröffentlicht 18.11.2025 16:54:32
  • Zuletzt bearbeitet 24.11.2025 17:43:22

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2....

6.1

CVE-2025-3057

  • EPSS 0.35%
  • Veröffentlicht 31.03.2025 22:15:23
  • Zuletzt bearbeitet 15.04.2025 14:31:28

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0...

5.4

CVE-2025-31675

  • EPSS 0.27%
  • Veröffentlicht 31.03.2025 22:15:20
  • Zuletzt bearbeitet 02.06.2025 16:25:25

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0...

4.6

CVE-2025-31673

  • EPSS 0.28%
  • Veröffentlicht 31.03.2025 22:15:19
  • Zuletzt bearbeitet 02.06.2025 16:25:04

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

7.5

CVE-2025-31674

  • EPSS 1.04%
  • Veröffentlicht 31.03.2025 22:15:19
  • Zuletzt bearbeitet 01.05.2025 14:35:58

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.1...