Vulnerabilities > Drupal > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-06 | CVE-2017-6920 | Data Processing Errors vulnerability in Drupal Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. | 9.8 |
2018-07-19 | CVE-2018-7602 | A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. | 9.8 |
2018-03-29 | CVE-2014-5170 | Improper Input Validation vulnerability in Drupal Storage API The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. | 9.8 |
2018-03-29 | CVE-2018-7600 | Improper Input Validation vulnerability in multiple products Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | 9.8 |