|
1
|
5.4
-
|
MEDIUM
Network
|
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core versions: fr…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-55808
|
cpe:2.3:a:drupal:drupal:*:*
|
10.6.0 11.0.0 11.3.0
|
|
|
10.5.12 10.6.11 11.2.14 11.3.12
|
2026-07-17 00:02
2026-07-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
3.1
-
|
LOW
Network
|
Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Request Forgery. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11, from…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-55807
|
cpe:2.3:a:drupal:drupal:*:*
|
10.6.0 11.0.0 11.3.0
|
|
|
10.5.12 10.6.11 11.2.14 11.3.12
|
2026-07-16 23:58
2026-07-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
5.9
-
|
MEDIUM
Network
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core versions: from 0.0.0 to 10.5.12, from 10.6.0 to 10.6.11…
Update
|
CWE-601
Open Redirect
|
CVE-2026-55806
|
cpe:2.3:a:drupal:drupal:*:*
|
10.6.0 11.0.0 11.3.0
|
|
|
10.5.12 10.6.11 11.2.14 11.3.12
|
2026-07-17 00:26
2026-07-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
5.9
-
|
MEDIUM
Network
|
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5…
Update
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-55804
|
cpe:2.3:a:drupal:drupal:*:*
|
10.6.0 11.0.0 11.3.0
|
|
|
10.5.12 10.6.11 11.2.14 11.3.12
|
2026-07-17 00:11
2026-07-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
5.9
-
|
MEDIUM
Network
|
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core versions: from 0.0.0 to 10.5…
Update
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-55803
|
cpe:2.3:a:drupal:drupal:*:*
|
10.6.0 11.0.0 11.3.0
|
|
|
10.5.12 10.6.11 11.2.14 11.3.12
|
2026-07-17 00:09
2026-07-11
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
9.8
-
|
CRITICAL
Network
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection.
This issue affects Drupal core: from 8.9.0 before 10.4.…
|
CWE-89
SQL Injection
|
CVE-2026-9082
|
cpe:2.3:a:drupal:drupal:*:*
|
8.9.0 10.5.0 10.6.0 11.0.0 11.2.0 11.3.0
|
|
|
10.4.10 10.5.10 10.6.9 11.1.10 11.2.12 11.3.10
|
2026-05-23 04:38
2026-05-21
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
5.3
-
|
MEDIUM
Network
|
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-45440
|
cpe:2.3:a:drupal:drupal:2023-05-09:*
|
|
|
|
|
2024-10-29 06:35
2024-08-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
7.5
-
|
HIGH
Network
|
Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.
|
NVD-CWE-Other
|
CVE-2024-22362
|
cpe:2.3:a:drupal:drupal:9.3.6:-
|
|
|
|
|
2024-11-21 17:56
2024-01-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
7.5
-
|
HIGH
Network
|
In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading…
|
NVD-CWE-noinfo
|
CVE-2023-5256
|
cpe:2.3:a:drupal:drupal:*:*
|
10.1.0 10.0.0 8.7.0
|
|
|
10.1.4 10.0.11 9.5.11
|
2024-11-21 17:41
2023-09-29
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
6.5
-
|
MEDIUM
Network
|
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may…
|
CWE-863
Incorrect Authorization
|
CVE-2023-31250
|
cpe:2.3:a:drupal:drupal:*:*
|
10.0 9.5 9.4 7.0
|
|
|
10.0.8 9.5.8 9.4.14 7.96
|
2024-11-21 17:01
2023-04-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|