Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: drupal Clear
ID Title
CVE-2026-6816 Vulnerability in drupal (CVE-2026-6816)
vulnerability in drupal (CVE-2026-6816). Risk of unauthorized operations or information disclosure.
CVE-2026-5343 Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
CVE-2026-4929 Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
CVE-2026-4093 Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
CVE-2026-9082 KEV [KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
CVE-2026-6365 Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-6871 Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
CVE-2026-6367 Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
CVE-2026-6366 Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-6095 Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
CVE-2026-8495 Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
CVE-2026-8493 Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
cross-site scripting in drupal/colorbox_inline (CVE-2026-8493). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.1` or later.
CVE-2026-8492 Vulnerability in drupal/gtranslate (CVE-2026-8492)
vulnerability in drupal/gtranslate (CVE-2026-8492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
CVE-2026-8491 Vulnerability in drupal/node_view_permissions (CVE-2026-8491)
vulnerability in drupal/node_view_permissions (CVE-2026-8491). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 2.0.1` or later.
CVE-2022-50957 Cross-Site Scripting (XSS) in drupal (CVE-2022-50957)
cross-site scripting in drupal (CVE-2022-50957). Risk of unauthorized operations or information disclosure.
CVE-2025-11570 Cross-Site Scripting (XSS) in drupal (CVE-2025-11570)
cross-site scripting in drupal (CVE-2025-11570). Risk of unauthorized operations or information disclosure.
CVE-2018-7602 KEV [KEV] Vulnerability in Drupal core (CVE-2018-7602)
vulnerability in Drupal core (CVE-2018-7602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2019-6340 KEV [KEV] Unsafe Deserialization in Drupal core (CVE-2019-6340)
vulnerability in Drupal core (CVE-2019-6340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-13671 KEV [KEV] Unrestricted File Upload in drupal (CVE-2020-13671)
vulnerability in drupal (CVE-2020-13671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2018-7600 KEV [KEV] Vulnerability in drupal (CVE-2018-7600)
vulnerability in drupal (CVE-2018-7600). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2015-7878 Cross-Site Scripting (XSS) in drupal (CVE-2015-7878)
cross-site scripting in drupal (CVE-2015-7878). Risk of unauthorized operations or information disclosure.
CVE-2015-7943 Open Redirect in drupal (CVE-2015-7943)
vulnerability in drupal (CVE-2015-7943). Risk of unauthorized operations or information disclosure.
CVE-2015-7980 Cross-Site Scripting (XSS) in drupal (CVE-2015-7980)
cross-site scripting in drupal (CVE-2015-7980). Risk of unauthorized operations or information disclosure.
CVE-2015-7880 Information Disclosure in drupal (CVE-2015-7880)
vulnerability in drupal (CVE-2015-7880). Risk of unauthorized operations or information disclosure.
CVE-2015-2750 Open Redirect in drupal (CVE-2015-2750)
vulnerability in drupal (CVE-2015-2750). Risk of unauthorized operations or information disclosure.
CVE-2015-2749 Open Redirect in drupal (CVE-2015-2749)
vulnerability in drupal (CVE-2015-2749). Risk of unauthorized operations or information disclosure.
CVE-2015-7879 Cross-Site Scripting (XSS) in drupal (CVE-2015-7879)
cross-site scripting in drupal (CVE-2015-7879). Risk of unauthorized operations or information disclosure.
CVE-2015-7877 SQL Injection in drupal (CVE-2015-7877)
SQL injection in drupal (CVE-2015-7877). Successful exploitation can lead to full system takeover.
CVE-2015-7875 Vulnerability in drupal (CVE-2015-7875)
vulnerability in drupal (CVE-2015-7875). Data can be tampered with by attackers.
CVE-2017-6919 Vulnerability in drupal (CVE-2017-6919)
vulnerability in drupal (CVE-2017-6919). Successful exploitation can lead to full system takeover.
CVE-2017-6381 Vulnerability in drupal (CVE-2017-6381)
vulnerability in drupal (CVE-2017-6381). Successful exploitation can lead to full system takeover.
CVE-2017-6379 Cross-Site Request Forgery (CSRF) in drupal (CVE-2017-6379)
vulnerability in drupal (CVE-2017-6379). Successful exploitation can lead to full system takeover.
CVE-2017-6377 Authorization Flaw in drupal (CVE-2017-6377)
vulnerability in drupal (CVE-2017-6377). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →