High Severity Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8908)	CVE-2016-8908 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10007)	CVE-2016-10007 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10008)	CVE-2016-10008 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)	CVE-2019-12872 CWE-138	CWE-138	High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)	CVE-2020-27848 CWE-138	CWE-138	High
Dot CMS Other Vulnerability (CVE-2016-4803)	CVE-2016-4803		High
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)	CVE-2016-8600 CWE-264	CWE-264	High
DotCMS unrestricted file upload (CVE-2022-26352)	CVE-2022-26352 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)	CVE-2017-3189 CWE-434	CWE-434	High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)	CVE-2017-11466 CWE-434	CWE-434	High
Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)	CVE-2022-45782 CWE-338	CWE-338	High
Dotenv .env file	CWE-538	CWE-538	High
DotNetNuke multiple vulnerabilities	CVE-2012-1030 CWE-79	CWE-79	High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)	CVE-2021-33564 CWE-20	CWE-20	High
Drupal 7 arbitrary PHP code execution and information disclosure	CVE-2012-4553 CVE-2012-4554 CWE-264	CWE-264	High
Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)	CVE-2016-3163		High
Drupal Backup Migrate directory publicly accessible	CWE-538	CWE-538	High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1)	CVE-2005-0682 CWE-79	CWE-79	High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)	CVE-2005-3973 CWE-79	CWE-79	High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)	CVE-2006-1226 CWE-79	CWE-79	High
Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)	CWE-20	CWE-20	High
Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5)	CWE-79 CWE-113	CWE-79 CWE-113	High
Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)	CWE-264	CWE-264	High
Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7)	CWE-384	CWE-384	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)	CVE-2006-2743 CWE-95	CWE-95	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)	CVE-2006-2831 CWE-95	CWE-95	High
Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)	CVE-2006-5476 CWE-352	CWE-352	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)	CVE-2005-3973 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)	CVE-2006-1226 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)	CVE-2006-2833 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8)	CVE-2006-4002 CWE-79	CWE-79	High
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)	CVE-2007-0136 CWE-79	CWE-79	High
Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10)	CVE-2007-0124 CWE-400	CWE-400	High
Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)	CVE-2006-5477 CWE-20	CWE-20	High
Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5)	CWE-20	CWE-20	High
Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)	CVE-2006-5475 CWE-79	CWE-79	High
Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)	CWE-79 CWE-113	CWE-79 CWE-113	High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)	CVE-2005-3974 CWE-264	CWE-264	High
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)	CWE-264	CWE-264	High
Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)	CWE-384	CWE-384	High
Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)	CVE-2006-2742 CWE-89	CWE-89	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)	CVE-2007-0626 CWE-95	CWE-95	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)	CVE-2006-2743 CWE-95	CWE-95	High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)	CVE-2006-5476 CWE-352	CWE-352	High
Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)	CVE-2008-0272 CWE-352	CWE-352	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)	CVE-2006-2833 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2)	CVE-2006-4002 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)	CVE-2007-0136 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)	CVE-2007-5596 CWE-79	CWE-79	High
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)	CVE-2008-0274 CWE-79	CWE-79	High
Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)	CVE-2007-0124 CWE-400	CWE-400	High
Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)	CVE-2006-5477 CWE-20	CWE-20	High
Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)	CVE-2007-5595 CWE-113	CWE-113	High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)	CVE-2006-5475 CWE-79	CWE-79	High
Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)	CVE-2007-4064 CWE-79	CWE-79	High
Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1)	CVE-2006-2831 CVE-2006-2832 CWE-79 CWE-95	CWE-79 CWE-95	High
Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7)	CVE-2007-5597 CWE-702	CWE-702	High
Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8)	CVE-2007-6299 CWE-89	CWE-89	High
Drupal Core 4.7.x SQL Injection (4.7.0)	CVE-2006-2742 CWE-89	CWE-89	High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)	CVE-2007-5593 CWE-95	CWE-95	High
Drupal Core 5.x Arbitrary Code Execution (5.0)	CVE-2007-0626 CWE-95	CWE-95	High
Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2)	CVE-2007-5594 CWE-352	CWE-352	High
Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5)	CVE-2008-0272 CWE-352	CWE-352	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2)	CVE-2007-5596 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5)	CVE-2008-0273 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)	CVE-2009-1575 CVE-2009-1576 CVE-2009-1844 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)	CVE-2009-1844 CWE-79	CWE-79	High
Drupal Core 5.x Cross-Site Scripting (5.0 - 5.20)	CVE-2009-4369 CWE-79	CWE-79	High
Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2)	CVE-2007-5595 CWE-113	CWE-113	High
Drupal Core 5.x Information Disclosure (5.0 - 5.18)	CVE-2009-2374 CWE-200	CWE-200	High
Drupal Core 5.x Local File Inclusion (5.0 - 5.11)	CVE-2008-6171 CWE-22	CWE-22	High
Drupal Core 5.x Local File Inclusion (5.0 - 5.15)	CWE-22	CWE-22	High
Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)	CVE-2007-4063 CWE-352	CWE-352	High
Drupal Core 5.x Multiple Cross-Site Scripting Vulnerabilities (5.0 - 5.1)	CVE-2007-4064 CWE-79	CWE-79	High
Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10)	CVE-2008-4790 CVE-2008-4791 CVE-2008-4792 CVE-2008-4793 CWE-264	CWE-264	High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8908)

CVE-2016-8908

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10007)

CVE-2016-10007

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10008)

CVE-2016-10008

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)

CVE-2019-12872

CWE-138

High

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)

CVE-2020-27848

CWE-138

High

Dot CMS Other Vulnerability (CVE-2016-4803)

CVE-2016-4803

High

Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)

CVE-2016-8600

CWE-264

High

DotCMS unrestricted file upload (CVE-2022-26352)

CVE-2022-26352

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)

CVE-2017-3189

CWE-434

High

Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)

CVE-2017-11466

CWE-434

High

Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)

CVE-2022-45782

CWE-338

High

Dotenv .env file

CWE-538

High

DotNetNuke multiple vulnerabilities

CVE-2012-1030

CWE-79

High

Dragonfly Arbitrary File Read/Write (CVE-2021-33564)

CVE-2021-33564

CWE-20

High

Drupal 7 arbitrary PHP code execution and information disclosure

CVE-2012-4553 CVE-2012-4554

CWE-264

High

Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)

CVE-2016-3163

High

Drupal Backup Migrate directory publicly accessible

CWE-538

High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1)

CVE-2005-0682

CWE-79

High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)

CVE-2005-3973

CWE-79

High

Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)

CVE-2006-1226

CWE-79

High

Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)

CWE-20

High

Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5)

CWE-79 CWE-113

High

Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)

CWE-264

High

Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7)

CWE-384

High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)

CVE-2006-2743

CWE-95

High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)

CVE-2006-2831

CWE-95

High

Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)

CVE-2006-5476

CWE-352

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3)

CVE-2005-3973

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5)

CVE-2006-1226

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)

CVE-2006-2833

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8)

CVE-2006-4002

CWE-79

High

Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10)

CVE-2007-0136

CWE-79

High

Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10)

CVE-2007-0124

CWE-400

High

Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9)

CVE-2006-5477

CWE-20

High

Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5)

CWE-20

High

Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9)

CVE-2006-5475

CWE-79

High

Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3)

CWE-79 CWE-113

High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)

CVE-2005-3974

CWE-264

High

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)

CWE-264

High

Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5)

CWE-384

High

Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6)

CVE-2006-2742

CWE-89

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

CVE-2007-0626

CWE-95

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

CVE-2006-2743

CWE-95

High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)

CVE-2006-5476

CWE-352

High

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)

CVE-2008-0272

CWE-352

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)

CVE-2006-2833

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2)

CVE-2006-4002

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

CVE-2007-0136

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7)

CVE-2007-5596

CWE-79

High

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)

CVE-2008-0274

CWE-79

High

Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4)

CVE-2007-0124

CWE-400

High

Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3)

CVE-2006-5477

CWE-20

High

Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7)

CVE-2007-5595

CWE-113

High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3)

CVE-2006-5475

CWE-79

High

Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6)

CVE-2007-4064

CWE-79

High

Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1)

CVE-2006-2831 CVE-2006-2832

CWE-79 CWE-95

High

Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7)

CVE-2007-5597

CWE-702

High

Drupal Core 4.7.x SQL Injection (4.7.0 - 4.7.8)

CVE-2007-6299

CWE-89

High

Drupal Core 4.7.x SQL Injection (4.7.0)

CVE-2006-2742

CWE-89

High

Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)

CVE-2007-5593

CWE-95

High

Drupal Core 5.x Arbitrary Code Execution (5.0)

CVE-2007-0626

CWE-95

High

Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.2)

CVE-2007-5594

CWE-352

High

Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5)

CVE-2008-0272

CWE-352

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.2)

CVE-2007-5596

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.5)

CVE-2008-0273

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16)

CVE-2009-1575 CVE-2009-1576 CVE-2009-1844

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.17)

CVE-2009-1844

CWE-79

High

Drupal Core 5.x Cross-Site Scripting (5.0 - 5.20)

CVE-2009-4369

CWE-79

High

Drupal Core 5.x HTTP Response Splitting (5.0 - 5.2)

CVE-2007-5595

CWE-113

High

Drupal Core 5.x Information Disclosure (5.0 - 5.18)

CVE-2009-2374

CWE-200

High

Drupal Core 5.x Local File Inclusion (5.0 - 5.11)

CVE-2008-6171

CWE-22

High

Drupal Core 5.x Local File Inclusion (5.0 - 5.15)

CWE-22

High

Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)

CVE-2007-4063

CWE-352

High

Drupal Core 5.x Multiple Cross-Site Scripting Vulnerabilities (5.0 - 5.1)

CVE-2007-4064

CWE-79

High

Drupal Core 5.x Multiple Security Bypass Vulnerabilities (5.0 - 5.10)

CVE-2008-4790 CVE-2008-4791 CVE-2008-4792 CVE-2008-4793

CWE-264

High

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities