pkg:Packagist/drupal/drupal

68 CVEs in total: CRITICAL 10, HIGH 24, MEDIUM 29

All known vulnerabilities

  • CRITICAL 9.8 CVE-2018-7602 ⚠ KEV: Drupal Core Remote Code Execution Vulnerability
    >= 7.0, < 7.59
  • CRITICAL 9.8 CVE-2018-7600 ⚠ KEV: Drupal Core Remote Code Execution Vulnerability
    >= 7.0, < 7.58
  • HIGH 8.8 CVE-2020-13671 ⚠ KEV: Drupal core Unrestricted Upload of File with Dangerous Type
    >= 7.0.0, < 7.74
  • HIGH 8.1 CVE-2019-6340 ⚠ KEV: Drupal Core Remote Code Execution Vulnerability
    >= 7.0.0, < 7.62.0
  • CRITICAL 9.8 CVE-2024-55638: Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
    >= 8.8.0, < 10.2.11
  • CRITICAL 9.8 CVE-2024-55637: Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
    >= 8.8.0, < 10.2.11
  • CRITICAL 9.8 CVE-2024-55636: Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
    >= 8.8.0, < 10.2.11
  • CRITICAL 9.8 CVE-2020-13665: Drupal Core Access bypass vulnerability
    >= 8.8.0, < 8.8.8
  • CRITICAL 9.8 CVE-2017-6920: Drupal PECL YAML parser unsafe object handling
    >= 8.0, < 8.3.4
  • CRITICAL 9.8 CVE-2017-6925: Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
    >= 8.0, < 8.3.7
  • CRITICAL 9.8 CVE-2019-11831: Directory Traversal in typo3/phar-stream-wrapper
    >= 7.0.0, < 7.67.0
  • CRITICAL 9.8 CVE-2019-6339: Arbitrary PHP code execution in Drupal
    >= 7.0.0, < 7.62.0
  • HIGH 8.8 CVE-2016-6211: Drupal Saving user accounts can sometimes grant the user all roles
    >= 7.0, < 7.44
  • HIGH 8.8 CVE-2020-13664: Drupal Core Arbitrary PHP code execution vulnerability
    >= 8.8.0, < 8.8.8
  • HIGH 8.8 CVE-2020-13663: Drupal Core Cross-Site Request Forgery (CSRF) vulnerability
    >= 7.0.0, < 7.72
  • HIGH 8.1 CVE-2024-55634: Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004
    >= 8.0.0, < 10.2.11
  • HIGH 8.1 CVE-2016-3169: Drupal saving user accounts can sometimes grant the user all roles
    >= 7.0, < 7.43
  • HIGH 8.1 CVE-2016-3162: Drupal File upload access bypass and denial of service
    >= 8.0, < 8.0.4
  • HIGH 8.1 CVE-2016-3171: Drupal arbitrary code execution
    >= 6.0, < 6.38
  • HIGH 8.1 CVE-2017-6926: Drupal Comment reply form allows access to restricted content
    >= 8.4.0, < 8.4.5
  • HIGH 8.1 CVE-2017-6930: Drupal access bypass vulnerability
    >= 8.4.0, < 8.4.5
  • HIGH 8.1 CVE-2017-6381: Drupal Remote code execution
    >= 8.0, < 8.2.7
  • HIGH 8.0 CVE-2019-6338: Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
    >= 7.0.0, < 7.62.0
  • HIGH 7.5 CVE-2013-6389: Drupal has open redirect vulnerability in the Overlay module
    >= 7.0, < 7.24
  • HIGH 7.5 CVE-2016-3165: Drupal Form API ignores access restrictions on submit buttons
    >= 6.0, < 6.38
  • HIGH 7.5 CVE-2016-3163: Drupal Brute force amplification attacks via XML-RPC
    >= 7.0, < 7.43
  • HIGH 7.5 CVE-2016-9450: Drupal Incorrect cache context on password reset page
    >= 8.0, < 8.2.3
  • HIGH 7.5 CVE-2017-6379: Drupal Cross-Site Request Forgery (CSRF)
    >= 8.2.0, < 8.2.7
  • HIGH 7.5 CVE-2017-6919: Drupal access control bypass vulnerability
    >= 8.0, < 8.2.8
  • HIGH 7.5 CVE-2017-6377: Drupal editor module incorrectly checks access to inline private files
    >= 8.2.0, < 8.2.7
  • HIGH 7.5 CVE-2020-13670: Exposure of Resource to Wrong Sphere in Drupal Core
    >= 8.0.0, < 8.8.10
  • HIGH 7.4 CVE-2016-3164: Drupal Open Redirect
    >= 6.0, < 6.38
  • HIGH 7.4 CVE-2016-3167: Drupal Open redirect vulnerability in the drupal_goto function
    >= 6.0, < 6.38
  • HIGH 7.4 CVE-2017-6924: Drupal REST API can bypass comment approval
    >= 8.0, < 8.3.7
  • MEDIUM 6.5 CVE-2016-9452: Drupal Denial of service via transliterate mechanism
    >= 8.0, < 8.2.3
  • MEDIUM 6.5 CVE-2017-6931: Drupal Settings Tray access bypass
    >= 8.4.0, < 8.4.5
  • MEDIUM 6.5 CVE-2017-6922: Drupal core access bypass vulnerability
    >= 8.0, < 8.3.4
  • MEDIUM 6.5 CVE-2017-6923: Missing Authorization in Drupal
    >= 8.0, < 8.3.7
  • MEDIUM 6.4 CVE-2016-3168: Drupal Reflected file download vulnerability
    >= 7.0, < 7.43
  • MEDIUM 6.1 CVE-2020-13662: Drupal Core Open Redirect vulnerability
    >= 7.0.0, < 7.70
  • MEDIUM 6.1 CVE-2016-7571: Drupal Cross-site scripting (XSS) vulnerability
    >= 8.0, < 8.1.10
  • MEDIUM 6.1 CVE-2017-6929: Drupal cross site scripting vulnerability
    >= 8.0, < 8.4.0
  • MEDIUM 6.1 CVE-2017-6927: Drupal cross-site scripting vulnerability
    >= 8.4.0, < 8.4.5
  • MEDIUM 6.1 CVE-2018-9861: Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
    >= 8.0, < 8.4.7
  • MEDIUM 6.1 CVE-2020-13668: Access bypass in Drupal Core 8/9
    >= 8.0.0, < 8.8.10
  • MEDIUM 6.1 CVE-2021-33829: ckeditor4 vulnerable to cross-site scripting
    >= 7.0.0, < 7.80
  • MEDIUM 6.1 CVE-2020-13672: Drupal core Cross-site Scripting (XSS) vulnerability
    >= 7.0.0, < 7.80
  • MEDIUM 6.1 CVE-2020-13669: Drupal core Cross-site Scripting (XSS) vulnerability in ckeditor
    >= 8.0.0, < 8.8.10
  • MEDIUM 6.1 CVE-2020-13666: Drupal Core Cross-site scripting vulnerability
    >= 7.0.0, < 7.73
  • MEDIUM 5.9 CVE-2016-3166: Drupal CRLF injection vulnerability in the drupal_set_header function
    >= 6.0, < 6.38
  • MEDIUM 5.9 CVE-2017-6921: Drupal file REST resource does not properly validate
    >= 8.0, < 8.3.4
  • MEDIUM 5.4 CVE-2024-12393: Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
    >= 8.8.0, < 10.2.11
  • MEDIUM 5.4 CVE-2019-10909: symfony - security update
    >= 8.0.0, < 8.5.15
  • MEDIUM 5.4 CVE-2019-6341: Drupal Cross Site Scripting (XSS) vulnerability
    >= 7.0.0, < 7.65.0
  • MEDIUM 5.3 CVE-2024-45440: Drupal Full Path Disclosure
    >= 10.3.0, < 10.3.6
  • MEDIUM 5.3 CVE-2016-3170: Drupal sensitive information disclosure
    >= 8.0, < 8.0.4
  • MEDIUM 5.3 CVE-2016-6212: Drupal Views can allow unauthorized users to see Statistics information
    >= 8.0, < 8.1.3
  • MEDIUM 5.3 CVE-2017-6928: Drupal access bypass vulnerability
    >= 7.0, < 7.57
  • MEDIUM 5.3 CVE-2020-13667: Drupal Core Access bypass vulnerability
    >= 8.8.0, < 8.8.10
  • MEDIUM 4.7 CVE-2017-6932: Drupal external link injection vulnerability
    >= 7.0, < 7.57
  • MEDIUM 4.3 CVE-2016-7570: Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
    >= 8.0.0, < 8.1.10
  • MEDIUM 4.3 CVE-2016-7572: Drupal Unprivileged access to config export
    >= 8.0, < 8.1.10
  • MEDIUM 4.3 CVE-2016-9449: drupal7 - security update
    >= 8.0, < 8.2.3
  • CVE-2010-3094: Drupal cross-site scripting vulnerability via actions feature and trigger module
    >= 6.0, < 6.18
  • CVE-2012-1589: Drupal Open Redirect
    >= 7.0, < 7.13
  • CVE-2012-2153: Drupal improper access restrictions
    >= 7.0, < 7.14
  • CVE-2008-4793: Drupal Node Validation Bypass in the node module API
    >= 5.0, < 5.11
  • CVE-2008-3218: Drupal vulnerable to Cross-site Scripting
    >= 6.0, < 6.3