Drupal

Drupal

272 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2024-12393

  • EPSS 1.4%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:21:01

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0...

8.1

CVE-2024-55634

  • EPSS 0.63%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:21:42

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

6.1

CVE-2024-55635

  • EPSS 0.47%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:22:31

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.

9.8

CVE-2024-55636

  • EPSS 8.79%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:23:09

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is e...

9.8

CVE-2024-55637

  • EPSS 7.61%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:23:28

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is e...

9.8

CVE-2024-55638

  • EPSS 6.17%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:23:56

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is explo...

7.5

CVE-2024-11941

  • EPSS 0.9%
  • Veröffentlicht 05.12.2024 15:15:08
  • Zuletzt bearbeitet 02.06.2025 16:18:43

A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.

5.9

CVE-2024-11942

  • EPSS 1.15%
  • Veröffentlicht 05.12.2024 15:15:08
  • Zuletzt bearbeitet 02.06.2025 16:20:21

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

5.3

CVE-2024-45440

  • EPSS 86.44%
  • Veröffentlicht 29.08.2024 11:15:27
  • Zuletzt bearbeitet 21.04.2025 15:15:58

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

7.5

CVE-2024-22362

  • EPSS 0.1%
  • Veröffentlicht 16.01.2024 04:15:07
  • Zuletzt bearbeitet 20.06.2025 18:15:27

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.