CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
5 results
Drupal Core SQL Injection Vulnerability
Drupal · Core
Drupal Core contains a SQL injection vulnerability that could allow for privilege escalation and remote code execution via specially crafted requests sent with the database abstraction API.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Drupal Core Remote Code Execution Vulnerability
Drupal · Core
A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.
Required Action
Apply updates per vendor instructions.
Drupal Core Remote Code Execution Vulnerability
Drupal · Core
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Required Action
Apply updates per vendor instructions.
Drupal core Un-restricted Upload of File
Drupal · Drupal core
Improper sanitization in the extension file names is present in Drupal core.
Required Action
Apply updates per vendor instructions.
Drupal Core Remote Code Execution Vulnerability
Drupal · Drupal Core
Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.
Required Action
Apply updates per vendor instructions.