Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-10 | CVE-2022-31042 | Information Exposure vulnerability in multiple products Guzzle is an open source PHP HTTP client. | 5.0 |
| 2022-06-10 | CVE-2022-31043 | Incorrect Authorization vulnerability in multiple products Guzzle is an open source PHP HTTP client. | 5.0 |
| 2022-06-03 | CVE-2022-26493 | Improper Certificate Validation vulnerability in Drupal Saml SP 2.0 Single Sign on Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. | 6.5 |
| 2022-05-25 | CVE-2022-29248 | Information Exposure vulnerability in multiple products Guzzle is a PHP HTTP client. | 5.8 |
| 2022-03-21 | CVE-2022-24775 | Improper Input Validation vulnerability in multiple products guzzlehttp/psr7 is a PSR-7 HTTP message library. | 5.0 |
| 2022-03-16 | CVE-2022-24729 | Resource Exhaustion vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 5.0 |
| 2022-03-16 | CVE-2022-24728 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 3.5 |
| 2022-02-17 | CVE-2022-25270 | Incorrect Authorization vulnerability in Drupal The Quick Edit module does not properly check entity access in some circumstances. | 4.0 |
| 2022-02-16 | CVE-2022-25271 | Improper Input Validation vulnerability in Drupal Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. | 4.3 |
| 2022-02-11 | CVE-2020-13668 | Cross-site Scripting vulnerability in Drupal Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. | 4.3 |