目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

Drupal 厂商漏洞列表 / CVE 中文分析 295

Drupal 厂商相关 295 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Drupal 是广泛使用的开源内容管理系统,核心用于构建网站与数字体验。其历史漏洞多涉及远程代码执行、跨站脚本及权限绕过,常因配置不当或插件缺陷引发。尽管具备完善的安全更新机制,但累计 295 条 CVE 显示其攻击面较大。用户需及时修补并强化访问控制,以应对持续演变的安全威胁,确保系统稳定运行。

上位製品 Drupal: Drupal Core core Open Social Enterprise MFA - TFA for Drupal AI (Artificial Intelligence) COOKiES Consent Management Two-factor Authentication (TFA) One Time Password Authenticator Login OpenID Connect / OAuth client Facets Data-module Klaro Cookie & Consent Management Access code Quick Node Block Simple Klaro Google Tag Email TFA CivicTheme Design System Acquia DAM Drupal POST File Paragraphs table Tagify Drupal Canvas Login Disable Node Access Rebuild Progressive Monster Menus File Entity (fieldable files) File Access Fix (deprecated)
CVE IDタイトルCVSS深刻度公開日
CVE-2025-3907 Search API Solr - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-046 — Search API SolrCWE-352 8.8 -2025-04-23
CVE-2025-3904 Sportsleague - Critical - Unsupported - SA-CONTRIB-2025-045 — Sportsleague 9.4 -2025-04-23
CVE-2025-3903 UEditor - 百度编辑器 - Critical - Unsupported - SA-CONTRIB-2025-044 — UEditor - 百度编辑器 8.2 -2025-04-23
CVE-2025-3902 Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043 — Block ClassCWE-79 6.1 -2025-04-23
CVE-2025-3901 Bootstrap Site Alert - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-042 — Bootstrap Site AlertCWE-79 6.1 -2025-04-23
CVE-2025-3900 Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041 — ColorboxCWE-79 6.1 -2025-04-23
CVE-2025-3739 Drupal 8 Google Optimize Hide Page - Critical - Unsupported - SA-CONTRIB-2025-040 — Drupal 8 Google Optimize Hide Page 6.5AIMediumAI2025-04-16
CVE-2025-3738 Google Optimize - Critical - Unsupported - SA-CONTRIB-2025-039 — Google Optimize 8.2AIHighAI2025-04-16
CVE-2025-3737 Google Maps: Store Locator - Critical - Unsupported - SA-CONTRIB-2025-038 — Google Maps: Store Locator 8.2AIHighAI2025-04-16
CVE-2025-3736 Simple GTM - Critical - Unsupported - SA-CONTRIB-2025-037 — Simple GTM 9.4AICriticalAI2025-04-16
CVE-2025-3735 Panelizer (obsolete) - Critical - Unsupported - SA-CONTRIB-2025-036 — Panelizer (obsolete) 9.1AICriticalAI2025-04-16
CVE-2025-3734 Stage File Proxy - Moderately critical - Denial of Service - SA-CONTRIB-2025-035 — Stage File ProxyCWE-770 7.5AIHighAI2025-04-16
CVE-2025-3733 baguetteBox.js - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-034 — baguetteBox.jsCWE-79 6.1AIMediumAI2025-04-16
CVE-2025-3474 Panels - Critical - Access bypass - SA-CONTRIB-2025-033 — PanelsCWE-306 9.1AICriticalAI2025-04-09
CVE-2025-3131 ECA: Event - Condition - Action - Critical - Cross site request forgery - SA-CONTRIB-2025-031 — ECA: Event - Condition - ActionCWE-352 8.8AIHighAI2025-04-09
CVE-2025-3475 WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030 — WEB-TCWE-770 7.5AIHighAI2025-04-09
CVE-2025-3130 Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029 — ObfuscateCWE-79 5.4 -2025-04-02
CVE-2025-3129 Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-028 — Access codeCWE-307 9.8AICriticalAI2025-04-02
CVE-2025-3062 Drupal Admin LTE theme - Critical - Unsupported - SA-CONTRIB-2025-010 — Drupal Admin LTE theme 9.1 -2025-03-31
CVE-2025-3061 Material Admin - Critical - Unsupported - SA-CONTRIB-2025-006 — Material Admin 9.8 -2025-03-31
CVE-2025-3060 Flattern – Multipurpose Bootstrap Business Profile - Critical - Unsupported - SA-CONTRIB-2025-005 — Flattern – Multipurpose Bootstrap Business Profile 8.2 -2025-03-31
CVE-2025-3059 Profile Private - Critical - Unsupported - SA-CONTRIB-2025-002 — Profile Private 8.2 -2025-03-31
CVE-2025-31697 Formatter Suite - Moderately critical - Cross site scripting - SA-CONTRIB-2025-026 — Formatter SuiteCWE-79 6.1 -2025-03-31
CVE-2025-31696 RapiDoc OAS Field Formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-025 — RapiDoc OAS Field FormatterCWE-79 6.1 -2025-03-31
CVE-2025-31695 Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024 — Link field display mode formatterCWE-79 6.1 -2025-03-31
CVE-2025-31694 Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023 — Two-factor Authentication (TFA)CWE-288 9.4 -2025-03-31
CVE-2025-31693 AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022 — AI (Artificial Intelligence)CWE-78 8.8 -2025-03-31
CVE-2025-31692 AI (Artificial Intelligence) - Critical - Remote Code Execution - SA-CONTRIB-2025-021 — AI (Artificial Intelligence)CWE-78 8.8 -2025-03-31
CVE-2025-31691 OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020 — OAuth2 ServerCWE-862 7.5 -2025-03-31
CVE-2025-31690 Cache Utility - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-019 — Cache UtilityCWE-352 8.8 -2025-03-31

本页汇总了 Drupal 厂商截至目前公开的全部 295 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。