Vulnerabilities > Drupal > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-08-06 CVE-2017-6920 Data Processing Errors vulnerability in Drupal
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
network
low complexity
drupal CWE-19
critical
9.8
2018-07-19 CVE-2018-7602 A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x.
network
low complexity
drupal debian
critical
9.8
2018-03-29 CVE-2014-5170 Improper Input Validation vulnerability in Drupal Storage API
The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
network
low complexity
drupal CWE-20
critical
9.8
2018-03-29 CVE-2018-7600 Improper Input Validation vulnerability in multiple products
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
network
low complexity
drupal debian CWE-20
critical
9.8