Latest high severity vulnerabilities for "drupal drupal" 7.0

composer/drupal/coreDrupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012

high

7.5

First published (updated )

CVE-2022-25275

Oracle Primavera GatewayXSS in `*Text` options of the Datepicker widget

high

7.2

First published (updated )

CVE-2021-41183

Oracle Primavera UnifierXSS in the `of` option of the `.position()` util

high

7.2

First published (updated )

CVE-2021-41184

Oracle Primavera UnifierXSS in the `altField` option of the Datepicker widget

high

7.2

First published (updated )

CVE-2021-41182

Fedoraproject FedoraPEAR Archive_Tar Improper Link Resolution Vulnerability

high

7.5

Exploited

First published (updated )

CVE-2020-36193

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Fedoraproject FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

high

7.8

Exploited

First published (updated )

CVE-2020-28949

Fedoraproject FedoraLast updated 3 September 2024

high

7.8

First published (updated )

CVE-2020-28948

composer/drupal/coreDrupal core Un-restricted Upload of File

high

8.8

Exploited

First published (updated )

CVE-2020-13671

composer/drupal/coreCSRF

high

8.8

First published (updated )

CVE-2020-13663

Fedoraproject FedoraAn access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability …

high

7.5

First published (updated )

CVE-2011-2726

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Oracle Application Testing SuiteXSS, Input Validation

high

7.5

First published (updated )

CVE-2019-11358

composer/drupal/drupalthird-party PEAR Archive_Tar library updates

high

8

First published (updated )

CVE-2019-6338

Drupal DrupalSaving user accounts can sometimes grant the user all roles

high

8.8

First published (updated )

CVE-2016-6211

Drupal DrupalReflected file download vulnerability

high

8.5

First published (updated )

CVE-2016-3168

Drupal DrupalBrute force amplification attacks via XML-RPC

high

7.5

First published (updated )

CVE-2016-3163

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Drupal DrupalFile upload access bypass and denial of service

high

8.1

First published (updated )

CVE-2016-3162

Drupal DrupalOpen redirect via path manipulation

high

7.4

First published (updated )

CVE-2016-3164

Drupal DrupalSaving user accounts can sometimes grant the user all roles

high

8.1

First published (updated )

CVE-2016-3169

Drupal DrupalSQL Injection

high

7.5

First published (updated )

CVE-2015-6659

Drupal DrupalSQL Injection

high

7.5

First published (updated )

CVE-2014-3704

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Drupal DrupalThe OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authen…

high

7.5

First published (updated )

CVE-2014-1475

Drupal DrupalInput Validation

high

7.5

First published (updated )

CVE-2013-6389

Drupal DrupalDrupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vector…

high

7.5

First published (updated )

CVE-2011-2687

composer/drupal/coreDrupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012

Oracle Primavera GatewayXSS in `*Text` options of the Datepicker widget

Oracle Primavera UnifierXSS in the `of` option of the `.position()` util

Oracle Primavera UnifierXSS in the `altField` option of the Datepicker widget

Fedoraproject FedoraPEAR Archive_Tar Improper Link Resolution Vulnerability

Never miss a vulnerability like this again

Fedoraproject FedoraPEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

Fedoraproject FedoraLast updated 3 September 2024

composer/drupal/coreDrupal core Un-restricted Upload of File

composer/drupal/coreCSRF

Fedoraproject FedoraAn access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability …

Never miss a vulnerability like this again

Oracle Application Testing SuiteXSS, Input Validation

composer/drupal/drupalthird-party PEAR Archive_Tar library updates

Drupal DrupalSaving user accounts can sometimes grant the user all roles

Drupal DrupalReflected file download vulnerability

Drupal DrupalBrute force amplification attacks via XML-RPC

Never miss a vulnerability like this again

Drupal DrupalFile upload access bypass and denial of service

Drupal DrupalOpen redirect via path manipulation

Drupal DrupalSaving user accounts can sometimes grant the user all roles

Drupal DrupalSQL Injection

Drupal DrupalSQL Injection

Never miss a vulnerability like this again

Drupal DrupalThe OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authen…

Drupal DrupalInput Validation

Drupal DrupalDrupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vector…

Company

Resources

Contact