Vulnerabilities > Drupal > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2024-22362 | Unspecified vulnerability in Drupal 9.3.6 Drupal contains a vulnerability with improper handling of structural elements. | 7.5 |
| 2023-09-28 | CVE-2023-5256 | Unspecified vulnerability in Drupal In certain scenarios, Drupal's JSON:API module will output error backtraces. | 7.5 |
| 2023-04-26 | CVE-2022-25277 | Unrestricted Upload of File with Dangerous Type vulnerability in Drupal Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). | 7.2 |
| 2023-04-26 | CVE-2022-25273 | Improper Input Validation vulnerability in Drupal Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. | 7.5 |
| 2023-04-26 | CVE-2022-25275 | Unspecified vulnerability in Drupal In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. | 7.5 |
| 2022-09-28 | CVE-2022-39261 | Path Traversal vulnerability in multiple products Twig is a template language for PHP. | 7.5 |
| 2022-06-10 | CVE-2022-31042 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Guzzle is an open source PHP HTTP client. | 7.5 |
| 2022-06-10 | CVE-2022-31043 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Guzzle is an open source PHP HTTP client. | 7.5 |
| 2022-05-25 | CVE-2022-29248 | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Guzzle is a PHP HTTP client. | 8.1 |
| 2022-03-16 | CVE-2022-24729 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 7.5 |