Vulnerabilities > Drupal > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-05 | CVE-2020-13664 | Command Injection vulnerability in Drupal Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. | 9.3 |
| 2020-12-17 | CVE-2020-35191 | Missing Authentication for Critical Function vulnerability in Drupal Docker Images 8.3.0Fpmalpine The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. | 10.0 |
| 2019-05-09 | CVE-2019-11831 | Deserialization of Untrusted Data vulnerability in multiple products The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | 9.8 |
| 2019-01-22 | CVE-2019-6339 | Improper Input Validation vulnerability in multiple products In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. | 9.8 |
| 2018-07-19 | CVE-2018-7602 | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. | 9.8 |
| 2013-03-27 | CVE-2013-0318 | Permissions, Privileges, and Access Controls vulnerability in Banckle Chat Project Banckle Chat The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3354 | Multiple Unspecified vulnerability in Drupal REST API Module Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3353 | Multiple Unspecified vulnerability in Drupal Node2Node Module Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3352 | Unspecified vulnerability in Drupal Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. | 10.0 |
| 2009-09-24 | CVE-2009-3351 | Multiple Unspecified vulnerability in Drupal Node Browser Module 5.X1.1/5.X2.5 Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | 10.0 |