Vulnerabilities in Drupal
309 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2022-25275 | HIGH | In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when g | 0.7% |
| CVE-2020-13688 | — | Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in or | 0.7% |
| CVE-2020-13672 | — | Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circu | 0.7% |
| CVE-2020-13669 | — | Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x ver | 0.6% |
| CVE-2024-13258 | CRITICAL | Drupal REST & JSON API Authentication - Moderately critical - Access bypass - SA-CONTRIB-2024-022 | 0.6% |
| CVE-2022-25278 | MEDIUM | Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter | 0.6% |
| CVE-2022-25273 | HIGH | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation | 0.6% |
| CVE-2023-31250 | MEDIUM | Drupal core - Moderately critical - Access bypass - SA-CORE-2023-005 | 0.5% |
| CVE-2024-13239 | CRITICAL | Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003 | 0.5% |
| CVE-2024-13267 | HIGH | Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031 | 0.5% |
| CVE-2024-13265 | HIGH | Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029 | 0.5% |
| CVE-2022-25276 | MEDIUM | The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of th | 0.5% |
| CVE-2025-31676 | HIGH | Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-001 | 0.5% |
| CVE-2025-31674 | HIGH | Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003 | 0.5% |
| CVE-2025-8995 | CRITICAL | Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096 | 0.5% |
| CVE-2024-13255 | HIGH | RESTful Web Services - Critical - Access bypass - SA-CONTRIB-2024-019 | 0.5% |
| CVE-2024-13254 | HIGH | REST Views - Moderately critical - Information Disclosure - SA-CONTRIB-2024-018 | 0.5% |
| CVE-2024-13259 | HIGH | Image Sizes - Moderately critical - Access bypass - SA-CONTRIB-2024-023 | 0.5% |
| CVE-2025-7393 | CRITICAL | Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088 | 0.5% |
| CVE-2025-3060 | MEDIUM | Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005 | 0.5% |