| Title |
Severity |
Exploit |
Date |
Affected Version |
|
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
|
Medium
|
|
May 15, 2024
|
>= 8.0.0 < 8.9.16
>= 9.0.0 < 9.1.12
>= 9.2.0 < 9.2.4
|
|
Drupal core Arbitrary PHP code execution
|
High
|
|
May 15, 2024
|
>= 7.0.0 < 7.75
>= 8.0.0 < 8.8.12
>= 8.9.0 < 8.9.10
>= 9.0.0 < 9.0.9
|
|
Drupal core uses a vulnerable Third-party library CKEditor
|
Medium
|
|
May 15, 2024
|
>= 8.0.0 < 8.7.12
>= 8.8.0 < 8.8.4
|
|
Drupal core Open Redirect vulnerability
|
Medium
|
|
May 15, 2024
|
>= 7.0.0 < 7.70
|
|
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
|
High
|
|
May 15, 2024
|
>= 7.0.0 < 7.69
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
|
|
Drupal core Access control bypass
|
Medium
|
|
May 15, 2024
|
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
|
|
Drupal core Denial of Service
|
Medium
|
|
May 15, 2024
|
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
|
|
Drupal core Remote Code Execution
|
Critical
|
|
May 15, 2024
|
>= 7.0 < 7.60
>= 8.0.0 < 8.5.8
>= 8.6.0 < 8.6.2
|
|
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
|
Critical
|
|
May 15, 2024
|
>= 8.0.0 < 8.5.8
>= 8.6.0 < 8.6.2
|
|
Drupal Malicious file upload with filenames stating with dot
|
Medium
|
|
May 15, 2024
|
>= 8.0.0 < 8.7.11
>= 8.8.0 < 8.8.1
|
drupal / drupal