pkg:Bitnami/drupal

66 CVEs in total: CRITICAL 6, HIGH 23, MEDIUM 36, LOW 1

All known vulnerabilities

  • HIGH 8.8 | CVE-2020-13671 | ⚠ KEV | Drupal core Unrestricted Upload of File with Dangerous Type
    >= 7.0.0, < 7.74.0, >= 8.8.0, < 8.8.11, >= 8.9.0, < 8.9.9, >= 9.0.0, < 9.0.8
  • HIGH 7.5 | CVE-2020-36193 | ⚠ KEV | Directory Traversal in Archive_Tar
    >= 7.0.0, < 7.78.0, >= 8.9.0, < 8.9.13, >= 9.0.0, < 9.0.11, >= 9.1.0, < 9.1.3
  • MEDIUM 6.9 | CVE-2020-11023 | ⚠ KEV | Potential XSS vulnerability in jQuery
    >= 7.0.0, < 7.70.0, >= 8.7.0, < 8.7.14, >= 8.8.0, < 8.8.6
  • CRITICAL 10.0 | CVE-2025-41240 | The Bitnami WordPress Helm chart mounts Kubernetes Secrets under a predictable path (/opt/bitnami/wordpress/secrets) that is located within…
    >= 11.1.5-0, < 11.2.2-1
  • CRITICAL 9.8 | CVE-2024-55638 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
    >= 7.0.0, < 10.3.9
  • CRITICAL 9.8 | CVE-2024-55637 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
    >= 8.0.0, < 10.3.9, >= 11.0.0, < 11.0.8
  • CRITICAL 9.8 | CVE-2024-55636 | Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
    >= 8.0.0, < 10.3.9, >= 11.0.0, < 11.0.8
  • CRITICAL 9.8 | CVE-2020-13665 | Drupal Core Access bypass vulnerability
    >= 8.8.0, < 8.8.8, >= 8.9.0, < 8.9.1, >= 9.0.0, < 9.0.1
  • CRITICAL 9.8 | CVE-2020-13675 | Unrestricted Upload of File with Dangerous Type in Drupal core
    >= 8.0.0, < 8.9.19, >= 9.1.0, < 9.1.13, >= 9.2.0, < 9.2.6
  • HIGH 8.8 | CVE-2020-13664 | Drupal Core Arbitrary PHP code execution vulnerability
    >= 8.8.0, < 8.8.8, >= 8.9.0, < 8.9.1, >= 9.0.0, < 9.0.1
  • HIGH 8.8 | CVE-2020-13663 | drupal7 - security update
    >= 7.0.0, < 7.72.0, >= 8.8.0, < 8.8.8, >= 8.9.0, < 8.9.1, >= 9.0.0, < 9.0.1
  • HIGH 8.2 | CVE-2021-41165 | HTML comments vulnerability allowing to execute JavaScript code
    >= 8.9.0, < 8.9.20, >= 9.1.0, < 9.1.14, >= 9.2.0, < 9.2.9
  • HIGH 8.2 | CVE-2021-41164 | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
    >= 8.9.0, < 8.9.20, >= 9.1.0, < 9.1.14, >= 9.2.0, < 9.2.9
  • HIGH 8.1 | CVE-2024-55634 | Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
    >= 8.0.0, < 10.3.9, >= 11.0.0, < 11.0.8
  • HIGH 8.0 | CVE-2022-29248 | Cross-domain cookie leakage in Guzzle
    >= 9.2.0, < 9.2.20, >= 9.3.0, < 9.3.14
  • HIGH 7.8 | CVE-2020-28948 | php-pear - security update
    >= 7.0.0, < 7.75.0, >= 8.0.0, < 8.9.10, >= 9.0.0, < 9.0.9
  • HIGH 7.8 | CVE-2020-28948 | php-pear - security update
    >= 7.0.0, < 7.75.0, >= 8.0.0, < 8.9.10, >= 9.0.0, < 9.0.9
  • HIGH 7.5 | CVE-2025-31674 | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003
    >= 8.0.0, < 10.4.3, >= 11.0.0, < 11.1.3
  • HIGH 7.5 | CVE-2024-11941 | Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001
    >= 8.0.0, < 10.2.4
  • HIGH 7.5 | CVE-2024-22362 | Drupal Denial of Service vulnerability
    >= 9.3.6, < 10.2.6
  • HIGH 7.5 | CVE-2023-5256 | Drupal core - Critical - Cache poisoning - SA-CORE-2023-006
    >= 8.7.0, < 9.5.11, >= 10.0.0, < 10.0.11, >= 10.1.0, < 10.1.4
  • HIGH 7.5 | CVE-2022-39261 | Twig may load a template outside a configured directory when using the filesystem loader
    >= 8.0.0, < 9.3.22, >= 9.4.0, < 9.4.7
  • HIGH 7.5 | CVE-2022-25275 | Drupal core Information Disclosure vulnerability
    >= 7.0.0, < 7.91.0, >= 8.0.0, < 9.3.19, >= 9.4.0, < 9.4.3
  • HIGH 7.5 | CVE-2022-31042 | Fix failure to strip Authorization header on HTTP downgrade in Guzzle
    >= 9.2.0, < 9.2.21, >= 9.3.0, < 9.3.16
  • HIGH 7.5 | CVE-2022-31042 | Fix failure to strip Authorization header on HTTP downgrade in Guzzle
    >= 9.2.0, < 9.2.21, >= 9.3.0, < 9.3.16
  • HIGH 7.5 | CVE-2022-25273 | Improper input validation in Drupal core
    >= 8.0.0, < 9.2.18, >= 9.3.0, < 9.3.12
  • HIGH 7.5 | CVE-2022-25271 | drupal7 - security update
    >= 7.0.0, < 7.88.0, >= 9.2.0, < 9.2.13, >= 9.3.0, < 9.3.6
  • HIGH 7.5 | CVE-2020-13677 | Drupal core access bypass vulnerability
    >= 8.0.0, < 8.9.19, >= 9.1.0, < 9.1.13, >= 9.2.0, < 9.2.6
  • HIGH 7.5 | CVE-2020-13670 | Exposure of Resource to Wrong Sphere in Drupal Core
    >= 8.8.0, < 8.8.10, >= 8.9.0, < 8.9.6, >= 9.0.0, < 9.0.6
  • HIGH 7.2 | CVE-2022-25277 | Drupal core arbitrary PHP code execution
    >= 8.0.0, < 9.3.19, >= 9.4.0, < 9.4.3
  • MEDIUM 6.9 | CVE-2020-11022 | Potential XSS vulnerability in jQuery
    >= 7.0.0, < 7.70.0, >= 8.7.0, < 8.7.14, >= 8.8.0, < 8.8.6
  • MEDIUM 6.6 | CVE-2026-6366 | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2026-002
    >= 8.0.0, < 10.5.9, >= 10.6.0, < 10.6.7, >= 11.0.0, < 11.2.11, >= 11.3.0, < 11.3.7
  • MEDIUM 6.5 | CVE-2023-31250 | Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005
    >= 7.0.0, < 7.96.0, >= 9.4.0, < 9.4.14, >= 9.5.0, < 9.5.8, >= 10.0.0, < 10.0.8
  • MEDIUM 6.5 | CVE-2022-25278 | Access bypass in Drupal Core
    >= 8.0.0, < 9.3.19, >= 9.4.0, < 9.4.3
  • MEDIUM 6.5 | CVE-2022-25270 | Incorrect authorization in Drupal core
    >= 9.2.0, < 9.2.13, >= 9.3.0, < 9.3.6
  • MEDIUM 6.5 | CVE-2021-41183 | XSS in `*Text` options of the Datepicker widget in jquery-ui
    >= 7.0.0, < 7.86.0, >= 9.2.0, < 9.2.11, >= 9.3.0, < 9.3.3
  • MEDIUM 6.5 | CVE-2021-41184 | XSS in the `of` option of the `.position()` util in jquery-ui
    >= 7.0.0, < 7.86.0, >= 9.2.0, < 9.2.11, >= 9.3.0, < 9.3.3
  • MEDIUM 6.5 | CVE-2021-41182 | XSS in the `altField` option of the Datepicker widget in jquery-ui
    >= 7.0.0, < 7.86.0
  • MEDIUM 6.5 | CVE-2020-13676 | Incorrect Authorization in Drupal core
    >= 8.9.0, < 8.9.19, >= 9.1.0, < 9.1.13, >= 9.2.0, < 9.2.6
  • MEDIUM 6.5 | CVE-2020-13674 | Cross-Site Request Forgery in Drupal core
    >= 8.9.0, < 8.9.19, >= 9.1.0, < 9.1.13, >= 9.2.0, < 9.2.6
  • MEDIUM 6.1 | CVE-2026-6367 | Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003
    >= 11.3.0, < 11.3.7
  • MEDIUM 6.1 | CVE-2026-6365 | Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001
    >= 8.0.0, < 10.5.9, >= 10.6.0, < 10.6.7, >= 11.0.0, < 11.2.11, >= 11.3.0, < 11.3.7
  • MEDIUM 6.1 | CVE-2024-55635 | Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005
    >= 7.0.0, < 10.2.4
  • MEDIUM 6.1 | CVE-2025-3057 | Drupal core - Critical - Cross site scripting - SA-CORE-2025-001
    >= 8.0.0, < 10.4.3, >= 11.0.0, < 11.1.3
  • MEDIUM 6.1 | CVE-2022-25276 | Lack of domain validation in Drupal core
    >= 9.3.0, < 9.3.19, >= 9.4.0, < 9.4.3
  • MEDIUM 6.1 | CVE-2020-13662 | drupal7 - security update
    >= 7.0.0, < 7.70.1
  • MEDIUM 6.1 | CVE-2020-13668 | Access bypass in Drupal Core 8/9
    >= 8.8.0, < 8.8.10, >= 8.9.0, < 8.9.6, >= 9.0.0, < 9.0.6
  • MEDIUM 6.1 | CVE-2021-33829 | ckeditor4 vulnerable to cross-site scripting
    >= 8.9.0, < 8.9.16, >= 9.0.0, < 9.0.14, >= 9.1.0, < 9.1.9
  • MEDIUM 6.1 | CVE-2020-9281 | CKEditor 4.0 vulnerability in the HTML Data Processor
    >= 8.7.0, < 8.7.12, >= 8.8.0, < 8.8.4
  • MEDIUM 6.1 | CVE-2020-13672 | drupal7 - security update
    from 0, < 7.80.0, >= 8.9.0, < 8.9.14, >= 9.0.0, < 9.0.12, >= 9.1.0, < 9.1.7
  • MEDIUM 6.1 | CVE-2020-13669 | Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
    >= 8.8.0, < 8.8.10, >= 8.9.0, < 8.9.6, >= 9.0.0, < 9.0.6
  • MEDIUM 6.1 | CVE-2020-13688 | Drupal Core Cross-site scripting vulnerability
    >= 8.8.0, < 8.8.10, >= 8.9.0, < 8.9.6, >= 9.0.0, < 9.0.6
  • MEDIUM 6.1 | CVE-2020-13666 | drupal7 - security update
    >= 7.0.0, < 7.73.0, >= 8.8.0, < 8.8.10, >= 8.9.0, < 8.9.6, >= 9.0.0, < 9.0.6
  • MEDIUM 5.9 | CVE-2025-13081 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006
    >= 8.0.0, < 10.4.9, >= 10.5.0, < 10.5.6, >= 11.0.0, < 11.1.9, >= 11.2.0, < 11.2.8
  • MEDIUM 5.9 | CVE-2024-11942 | Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002
    >= 10.0.0, < 10.3.0
  • MEDIUM 5.4 | CVE-2025-31675 | Drupal Core Cross-Site Scripting (XSS) Vulnerability
    >= 8.0.0, < 10.4.5, >= 11.0.0, < 11.1.5
  • MEDIUM 5.4 | CVE-2024-12393 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
    >= 8.8.0, < 10.3.9, >= 11.0.0, < 11.0.8
  • MEDIUM 5.4 | CVE-2022-25274 | Access bypass in Drupal core
    >= 9.3.0, < 9.3.12
  • MEDIUM 5.4 | CVE-2022-24728 | Cross-site Scripting in CKEditor4
    >= 8.0.0, < 9.2.15, >= 9.3.0, < 9.3.8
  • MEDIUM 5.4 | CVE-2022-24728 | Cross-site Scripting in CKEditor4
    >= 8.0.0, < 9.2.15, >= 9.3.0, < 9.3.8
  • MEDIUM 5.3 | CVE-2025-13080 | Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005
    >= 8.0.0, < 10.4.9, >= 10.5.0, < 10.5.6, >= 11.0.0, < 11.1.9, >= 11.2.0, < 11.2.8
  • MEDIUM 5.3 | CVE-2022-24775 | Improper Input Validation in guzzlehttp/psr7
    >= 8.0.0, < 9.2.16, >= 9.3.0, < 9.3.9
  • MEDIUM 5.3 | CVE-2020-13667 | Drupal Core Access bypass vulnerability
    >= 8.8.0, < 8.8.10, >= 8.9.0, < 8.9.6, >= 9.0.0, < 9.0.6
  • MEDIUM 4.6 | CVE-2025-31673 | Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
    >= 8.0.0, < 10.4.3, >= 11.0.0, < 11.1.3
  • MEDIUM 4.3 | CVE-2025-13082 | Drupal core - Moderately critical - Defacement - SA-CORE-2025-007
    >= 8.0.0, < 10.4.9, >= 10.5.0, < 10.5.6, >= 11.0.0, < 11.1.9, >= 11.2.0, < 11.2.8
  • LOW 3.7 | CVE-2025-13083 | Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels
    >= 8.0.0, < 10.4.9, >= 10.5.0, < 10.5.6, >= 11.0.0, < 11.1.9, >= 11.2.0, < 11.2.8