Vulnerabilities > Drupal

DATE CVE VULNERABILITY TITLE RISK
2022-06-10 CVE-2022-31042 Information Exposure vulnerability in multiple products
Guzzle is an open source PHP HTTP client.
network
low complexity
guzzlephp drupal CWE-200
5.0
2022-06-10 CVE-2022-31043 Incorrect Authorization vulnerability in multiple products
Guzzle is an open source PHP HTTP client.
network
low complexity
guzzlephp drupal CWE-863
5.0
2022-06-03 CVE-2022-26493 Improper Certificate Validation vulnerability in Drupal Saml SP 2.0 Single Sign on
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability.
network
low complexity
drupal CWE-295
6.5
2022-05-25 CVE-2022-29248 Information Exposure vulnerability in multiple products
Guzzle is a PHP HTTP client.
5.8
2022-03-21 CVE-2022-24775 Improper Input Validation vulnerability in multiple products
guzzlehttp/psr7 is a PSR-7 HTTP message library.
network
low complexity
drupal guzzlephp CWE-20
5.0
2022-03-16 CVE-2022-24729 Resource Exhaustion vulnerability in multiple products
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor drupal CWE-400
5.0
2022-03-16 CVE-2022-24728 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
3.5
2022-02-17 CVE-2022-25270 Incorrect Authorization vulnerability in Drupal
The Quick Edit module does not properly check entity access in some circumstances.
network
low complexity
drupal CWE-863
4.0
2022-02-16 CVE-2022-25271 Improper Input Validation vulnerability in Drupal
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation.
network
drupal CWE-20
4.3
2022-02-11 CVE-2020-13668 Cross-site Scripting vulnerability in Drupal
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability.
network
drupal CWE-79
4.3