Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5) CWE-79 CWE-113 CWE-79 CWE-113 High Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7) CWE-264 CWE-264 High Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7) CWE-384 CWE-384 High Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6) CVE-2006-2743 CWE-95 CWE-95 High Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7) CVE-2006-2831 CWE-95 CWE-95 High Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9) CVE-2006-5476 CWE-352 CWE-352 High Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3) CVE-2005-3973 CWE-79 CWE-79 High Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5) CVE-2006-1226 CWE-79 CWE-79 High Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7) CVE-2006-2833 CWE-79 CWE-79 High Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8) CVE-2006-4002 CWE-79 CWE-79 High Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10) CVE-2007-0136 CWE-79 CWE-79 High Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10) CVE-2007-0124 CWE-400 CWE-400 High Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9) CVE-2006-5477 CWE-20 CWE-20 High Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5) CWE-20 CWE-20 High Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9) CVE-2006-5475 CWE-79 CWE-79 High Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3) CWE-79 CWE-113 CWE-79 CWE-113 High Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3) CVE-2005-3974 CWE-264 CWE-264 High Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5) CWE-264 CWE-264 High Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5) CWE-384 CWE-384 High Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6) CVE-2006-2742 CWE-89 CWE-89 High Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5) CVE-2007-0626 CWE-95 CWE-95 High Drupal Core 4.7.x Arbitrary Code Execution (4.7.0) CVE-2006-2743 CWE-95 CWE-95 High Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3) CVE-2006-5476 CWE-352 CWE-352 High Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10) CVE-2008-0272 CWE-352 CWE-352 High Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1) CVE-2006-2833 CWE-79 CWE-79 High Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2) CVE-2006-4002 CWE-79 CWE-79 High Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4) CVE-2007-0136 CWE-79 CWE-79 High Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7) CVE-2007-5596 CWE-79 CWE-79 High Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10) CVE-2008-0274 CWE-79 CWE-79 High Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4) CVE-2007-0124 CWE-400 CWE-400 High Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3) CVE-2006-5477 CWE-20 CWE-20 High Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7) CVE-2007-5595 CWE-113 CWE-113 High Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3) CVE-2006-5475 CWE-79 CWE-79 High Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6) CVE-2007-4064 CWE-79 CWE-79 High Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1) CVE-2006-2831 CVE-2006-2832 CWE-79 CWE-95 CWE-79 CWE-95 High Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7) CVE-2007-5597 CWE-702 CWE-702 High Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8) CVE-2007-6299 CWE-89 CWE-89 High Drupal Core 4.7.x SQL Injection (4.7.0) CVE-2006-2742 CWE-89 CWE-89 High Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) CVE-2007-5593 CWE-95 CWE-95 High Drupal Core 5.x Arbitrary Code Execution (5.0) CVE-2007-0626 CWE-95 CWE-95 High Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2) CVE-2007-5594 CWE-352 CWE-352 High Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5) CVE-2008-0272 CWE-352 CWE-352 High Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2) CVE-2007-5596 CWE-79 CWE-79 High Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5) CVE-2008-0273 CWE-79 CWE-79 High Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16) CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79 CWE-79 High Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17) CVE-2009-1844 CWE-79 CWE-79 High Drupal Core 5.x Cross-Site Scripting (5.0 - 5.20) CVE-2009-4369 CWE-79 CWE-79 High Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2) CVE-2007-5595 CWE-113 CWE-113 High Drupal Core 5.x Information Disclosure (5.0 - 5.18) CVE-2009-2374 CWE-200 CWE-200 High Drupal Core 5.x Local File Inclusion (5.0 - 5.11) CVE-2008-6171 CWE-22 CWE-22 High Drupal Core 5.x Local File Inclusion (5.0 - 5.15) CWE-22 CWE-22 High Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1) CVE-2007-4063 CWE-352 CWE-352 High Drupal Core 5.x Multiple Cross-Site Scripting Vulnerabilities (5.0 - 5.1) CVE-2007-4064 CWE-79 CWE-79 High Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10) CVE-2008-4790 CVE-2008-4791 CVE-2008-4792 CVE-2008-4793 CWE-264 CWE-264 High Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.22) CVE-2010-3092 CVE-2010-3093 CWE-264 CWE-264 High Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.7) CVE-2008-3219 CVE-2008-3220 CVE-2008-3222 CWE-352 CWE-384 CWE-352 CWE-384 High Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.9) CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3744 CWE-79 CWE-352 CWE-434 CWE-79 CWE-352 CWE-434 High Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12) CVE-2008-6532 CVE-2008-6533 CWE-79 CWE-352 CWE-79 CWE-352 High Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.21) CWE-79 CWE-264 CWE-601 CWE-79 CWE-264 CWE-601 High Drupal Core 5.x Security Bypass (5.0 - 5.2) CVE-2007-5597 CWE-702 CWE-702 High Drupal Core 5.x Session Fixation (5.0 - 5.8) CWE-384 CWE-384 High Drupal Core 5.x Session Fixation (5.0 - 5.19) CWE-384 CWE-384 High Drupal Core 5.x SQL Injection (5.0 - 5.3) CVE-2007-6299 CWE-89 CWE-89 High Drupal Core 5.x SQL Injection (5.0 - 5.14) CWE-89 CWE-89 High Drupal Core 6.x Cross-Site Scripting (6.0 - 6.10) CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79 CWE-79 High Drupal Core 6.x Cross-Site Scripting (6.0 - 6.11) CVE-2009-1844 CWE-79 CWE-79 High Drupal Core 6.x Denial of Service (6.0 - 6.32) CVE-2014-5265 CVE-2014-5266 CVE-2014-5267 CWE-400 CWE-400 High Drupal Core 6.x Information Disclosure (6.0 - 6.30) CVE-2014-2983 CWE-200 CWE-200 High Drupal Core 6.x Local File Inclusion (6.0 - 6.9) CWE-22 CWE-22 High Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.14) CVE-2009-4369 CVE-2009-4370 CWE-79 CWE-79 High Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0 - 6.20) CWE-79 CWE-79 High Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0) CVE-2008-1131 CVE-2008-1133 CWE-79 CWE-79 High Drupal Core 6.x Multiple Security Bypass Vulnerabilities (6.0 - 6.4) CVE-2008-4789 CVE-2008-4791 CVE-2008-4792 CWE-264 CWE-264 High Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.2) CVE-2008-3218 CVE-2008-3219 CVE-2008-3220 CVE-2008-3221 CVE-2008-3222 CVE-2008-3223 CWE-79 CWE-89 CWE-352 CWE-384 CWE-79 CWE-89 CWE-352 CWE-384 High Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.3) CVE-2008-3740 CVE-2008-3741 CVE-2008-3742 CVE-2008-3743 CVE-2008-3744 CVE-2008-3745 CWE-79 CWE-264 CWE-352 CWE-434 CWE-79 CWE-264 CWE-352 CWE-434 High 1...78910...155 8 / 155
