Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6816 |
|
Vulnerability in drupal (CVE-2026-6816)
vulnerability in drupal (CVE-2026-6816). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5343 |
|
Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
|
| CVE-2026-4929 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4093 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9082 KEV |
|
[KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
|
| CVE-2026-6365 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6871 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6367 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
|
| CVE-2026-6366 |
|
Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6095 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8495 |
|
Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
|
| CVE-2026-8493 |
|
Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
cross-site scripting in drupal/colorbox_inline (CVE-2026-8493). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.1` or later.
|
| CVE-2026-8492 |
|
Vulnerability in drupal/gtranslate (CVE-2026-8492)
vulnerability in drupal/gtranslate (CVE-2026-8492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
|
| CVE-2026-8491 |
|
Vulnerability in drupal/node_view_permissions (CVE-2026-8491)
vulnerability in drupal/node_view_permissions (CVE-2026-8491). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 2.0.1` or later.
|
| CVE-2022-50957 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2022-50957)
cross-site scripting in drupal (CVE-2022-50957). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11570 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2025-11570)
cross-site scripting in drupal (CVE-2025-11570). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-7602 KEV |
|
[KEV] Vulnerability in Drupal core (CVE-2018-7602)
vulnerability in Drupal core (CVE-2018-7602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-6340 KEV |
|
[KEV] Unsafe Deserialization in Drupal core (CVE-2019-6340)
vulnerability in Drupal core (CVE-2019-6340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-13671 KEV |
|
[KEV] Unrestricted File Upload in drupal (CVE-2020-13671)
vulnerability in drupal (CVE-2020-13671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-7600 KEV |
|
[KEV] Vulnerability in drupal (CVE-2018-7600)
vulnerability in drupal (CVE-2018-7600). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-7878 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2015-7878)
cross-site scripting in drupal (CVE-2015-7878). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7943 |
|
Open Redirect in drupal (CVE-2015-7943)
vulnerability in drupal (CVE-2015-7943). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7980 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2015-7980)
cross-site scripting in drupal (CVE-2015-7980). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7880 |
|
Information Disclosure in drupal (CVE-2015-7880)
vulnerability in drupal (CVE-2015-7880). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-2750 |
|
Open Redirect in drupal (CVE-2015-2750)
vulnerability in drupal (CVE-2015-2750). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-2749 |
|
Open Redirect in drupal (CVE-2015-2749)
vulnerability in drupal (CVE-2015-2749). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7879 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2015-7879)
cross-site scripting in drupal (CVE-2015-7879). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-7877 |
|
SQL Injection in drupal (CVE-2015-7877)
SQL injection in drupal (CVE-2015-7877). Successful exploitation can lead to full system takeover.
|
| CVE-2015-7875 |
|
Vulnerability in drupal (CVE-2015-7875)
vulnerability in drupal (CVE-2015-7875). Data can be tampered with by attackers.
|
| CVE-2017-6919 |
|
Vulnerability in drupal (CVE-2017-6919)
vulnerability in drupal (CVE-2017-6919). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6381 |
|
Vulnerability in drupal (CVE-2017-6381)
vulnerability in drupal (CVE-2017-6381). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6379 |
|
Cross-Site Request Forgery (CSRF) in drupal (CVE-2017-6379)
vulnerability in drupal (CVE-2017-6379). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6377 |
|
Authorization Flaw in drupal (CVE-2017-6377)
vulnerability in drupal (CVE-2017-6377). Data can be tampered with by attackers.
|