Vulnerabilities > Drupal
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-39261 | Path Traversal vulnerability in multiple products Twig is a template language for PHP. | 7.5 |
| 2022-07-20 | CVE-2022-31160 | Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. | 6.1 |
| 2022-06-10 | CVE-2022-31042 | Information Exposure vulnerability in multiple products Guzzle is an open source PHP HTTP client. | 7.5 |
| 2022-06-10 | CVE-2022-31043 | Information Exposure vulnerability in multiple products Guzzle is an open source PHP HTTP client. | 7.5 |
| 2022-06-03 | CVE-2022-26493 | Improper Certificate Validation vulnerability in Drupal Saml SP 2.0 Single Sign on Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. | 6.5 |
| 2022-05-25 | CVE-2022-29248 | Information Exposure vulnerability in multiple products Guzzle is a PHP HTTP client. | 8.1 |
| 2022-03-21 | CVE-2022-24775 | Improper Input Validation vulnerability in multiple products guzzlehttp/psr7 is a PSR-7 HTTP message library. | 5.0 |
| 2022-03-16 | CVE-2022-24729 | Resource Exhaustion vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 7.5 |
| 2022-03-16 | CVE-2022-24728 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 5.4 |
| 2022-02-17 | CVE-2022-25270 | Incorrect Authorization vulnerability in Drupal The Quick Edit module does not properly check entity access in some circumstances. | 4.0 |