Drupal

Drupal

271 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2024-55634

  • EPSS 0.17%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:21:42

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

6.1

CVE-2024-55635

  • EPSS 0.38%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:22:31

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.

9.8

CVE-2024-55636

  • EPSS 3.55%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:23:09

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is e...

9.8

CVE-2024-55637

  • EPSS 3.43%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:23:28

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is e...

9.8

CVE-2024-55638

  • EPSS 3.55%
  • Veröffentlicht 10.12.2024 00:15:22
  • Zuletzt bearbeitet 02.06.2025 16:23:56

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. Drupal core contains a chain of methods that is explo...

7.5

CVE-2024-11941

  • EPSS 0.17%
  • Veröffentlicht 05.12.2024 15:15:08
  • Zuletzt bearbeitet 02.06.2025 16:18:43

A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.

5.9

CVE-2024-11942

  • EPSS 0.59%
  • Veröffentlicht 05.12.2024 15:15:08
  • Zuletzt bearbeitet 02.06.2025 16:20:21

A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.

5.3

CVE-2024-45440

  • EPSS 84.68%
  • Veröffentlicht 29.08.2024 11:15:27
  • Zuletzt bearbeitet 21.04.2025 15:15:58

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

7.5

CVE-2024-22362

  • EPSS 0.08%
  • Veröffentlicht 16.01.2024 04:15:07
  • Zuletzt bearbeitet 20.06.2025 18:15:27

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

7.5

CVE-2023-5256

  • EPSS 0.99%
  • Veröffentlicht 28.09.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 08:41:23

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only ...