VYPR

Drupal

by Drupal

Source repositories

CVEs (203)

  • CVE-2002-1806Dec 31, 2002
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.

  • CVE-2020-35191Dec 17, 2020
    risk 0.02cvss epss 0.05

    The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank…

  • CVE-2026-55807Jun 18, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-11908Jun 10, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-11909Jun 10, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-11913Jun 10, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-11914Jun 10, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-11915Jun 10, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-10768Jun 3, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-49977Jun 3, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-10769Jun 3, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2026-10770Jun 3, 2026
    risk 0.00cvss epss

    Mentioned in Drupal. See https://www.drupal.org/security for vendor details.

  • CVE-2025-12848Nov 26, 2025
    risk 0.00cvss epss 0.00

    Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting (XSS) vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code (e.g., "<img…

  • CVE-2024-34481Jul 5, 2024
    risk 0.00cvss epss 0.01

    drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions, and image titles of a Wiki page.

  • CVE-2024-22362Jan 16, 2024
    risk 0.00cvss epss 0.01

    Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

  • CVE-2019-6342May 28, 2020
    risk 0.00cvss epss 0.02

    An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.

  • CVE-2011-2726Nov 15, 2019
    risk 0.00cvss epss 0.02

    An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent…

  • CVE-2010-2473Nov 7, 2019
    risk 0.00cvss epss 0.01

    Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.

  • CVE-2010-2472Nov 7, 2019
    risk 0.00cvss epss 0.01

    Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This…

  • CVE-2010-2250Nov 7, 2019
    risk 0.00cvss epss 0.01

    Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

Page 3 of 11