Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312) CVE-2010-5312 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2714) CVE-2011-2714 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2339) CVE-2012-2339 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0244) CVE-2013-0244 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6387) CVE-2013-6387 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6388) CVE-2013-6388 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1607) CVE-2014-1607 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5021) CVE-2014-5021 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5022) CVE-2014-5022 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6658) CVE-2015-6658 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-6665) CVE-2015-6665 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7571) CVE-2016-7571 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6927) CVE-2017-6927 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6929) CVE-2017-6929 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-9861) CVE-2018-9861 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-6341) CVE-2019-6341 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10909) CVE-2019-10909 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876) CVE-2019-11876 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9281) CVE-2020-9281 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022) CVE-2020-11022 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11023) CVE-2020-11023 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13666) CVE-2020-13666 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13668) CVE-2020-13668 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13669) CVE-2020-13669 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13672) CVE-2020-13672 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13688) CVE-2020-13688 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33829) CVE-2021-33829 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164) CVE-2021-41164 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41165) CVE-2021-41165 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182) CVE-2021-41182 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183) CVE-2021-41183 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184) CVE-2021-41184 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24728) CVE-2022-24728 CWE-707 CWE-707 Low Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-25276) CVE-2022-25276 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-12393) CVE-2024-12393 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-55635) CVE-2024-55635 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-3057) CVE-2025-3057 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-31675) CVE-2025-31675 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-6365) CVE-2026-6365 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-6367) CVE-2026-6367 CWE-707 CWE-707 Medium Drupal Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2020-13664) CVE-2020-13664 CWE-138 CWE-138 High Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-2999) CVE-2008-2999 CWE-138 CWE-138 High Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-3223) CVE-2008-3223 CWE-138 CWE-138 High Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2715) CVE-2011-2715 CWE-138 CWE-138 Critical Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3704) CVE-2014-3704 CWE-138 CWE-138 High Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-6659) CVE-2015-6659 CWE-138 CWE-138 High Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10910) CVE-2019-10910 CWE-138 CWE-138 Critical Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-9082) CVE-2026-9082 CWE-138 CWE-138 Critical Drupal Improper Privilege Management Vulnerability (CVE-2017-6924) CVE-2017-6924 CWE-269 CWE-269 High Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31042) CVE-2022-31042 CWE-212 CWE-212 Medium Drupal Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2022-31043) CVE-2022-31043 CWE-212 CWE-212 Medium Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381) CVE-2017-6381 CWE-829 CWE-829 High Drupal Incorrect Authorization Vulnerability (CVE-2011-2726) CVE-2011-2726 CWE-863 CWE-863 High Drupal Incorrect Authorization Vulnerability (CVE-2017-6377) CVE-2017-6377 CWE-863 CWE-863 High Drupal Incorrect Authorization Vulnerability (CVE-2020-13676) CVE-2020-13676 CWE-863 CWE-863 Medium Drupal Incorrect Authorization Vulnerability (CVE-2022-25270) CVE-2022-25270 CWE-863 CWE-863 Medium Drupal Incorrect Authorization Vulnerability (CVE-2022-25274) CVE-2022-25274 CWE-863 CWE-863 Medium Drupal Incorrect Authorization Vulnerability (CVE-2023-31250) CVE-2023-31250 CWE-863 CWE-863 Medium Drupal Incorrect Authorization Vulnerability (CVE-2025-31673) CVE-2025-31673 CWE-863 CWE-863 Medium Drupal Incorrect Default Permissions Vulnerability (CVE-2020-13667) CVE-2020-13667 CWE-276 CWE-276 Medium Drupal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-6928) CVE-2017-6928 CWE-732 CWE-732 Medium Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729) CVE-2022-24729 CWE-1333 CWE-1333 High Drupal Insufficient Verification of Data Authenticity Vulnerability (CVE-2016-9450) CVE-2016-9450 CWE-345 CWE-345 High Drupal Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2024-11941) CVE-2024-11941 CWE-835 CWE-835 High Drupal Missing Authorization Vulnerability (CVE-2017-6923) CVE-2017-6923 CWE-862 CWE-862 Medium Drupal Numeric Errors Vulnerability (CVE-2007-5416) CVE-2007-5416 Medium Drupal Other Vulnerability (CVE-2002-1806) CVE-2002-1806 Medium Drupal Other Vulnerability (CVE-2005-0682) CVE-2005-0682 Medium Drupal Other Vulnerability (CVE-2005-1871) CVE-2005-1871 High Drupal Other Vulnerability (CVE-2005-2106) CVE-2005-2106 Medium Drupal Other Vulnerability (CVE-2005-3973) CVE-2005-3973 Medium Drupal Other Vulnerability (CVE-2005-3974) CVE-2005-3974 Medium Drupal Other Vulnerability (CVE-2005-3975) CVE-2005-3975 Medium Drupal Other Vulnerability (CVE-2006-0070) CVE-2006-0070 Medium Drupal Other Vulnerability (CVE-2006-1225) CVE-2006-1225 Medium 1...36373839...327 37 / 327
