Drupal

266 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 0.17%
  • Published 05.12.2024 15:15:08
  • Last modified 02.06.2025 16:18:43

A vulnerability in Drupal Core allows Excessive Allocation. This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8.

  • EPSS 0.26%
  • Published 05.12.2024 15:15:08
  • Last modified 02.06.2025 16:20:21

A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10.

  • EPSS 84.75%
  • Published 29.08.2024 11:15:27
  • Last modified 21.04.2025 15:15:58

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.

  • EPSS 0.08%
  • Published 16.01.2024 04:15:07
  • Last modified 20.06.2025 18:15:27

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

  • EPSS 0.99%
  • Published 28.09.2023 19:15:10
  • Last modified 21.11.2024 08:41:23

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only ...

  • EPSS 0.26%
  • Published 26.04.2023 19:15:09
  • Last modified 03.02.2025 17:15:14

The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this secur...

  • EPSS 1.24%
  • Published 26.04.2023 15:15:08
  • Last modified 03.02.2025 19:15:09

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or oth...

  • EPSS 0.19%
  • Published 26.04.2023 15:15:08
  • Last modified 03.02.2025 19:15:09

Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protec...

  • EPSS 0.37%
  • Published 26.04.2023 15:15:08
  • Last modified 03.02.2025 19:15:09

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, fo...

  • EPSS 0.18%
  • Published 26.04.2023 14:15:09
  • Last modified 03.02.2025 20:15:30

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but...