Drupal: 9.1.15 → 10.4.10
Drupal · upgrade impact · Official site ↗
Fixed by upgrading to 10.4.10 iVulnerabilities that affect 9.1.15 but no longer affect 10.4.10 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2026-9082 CRITICAL ● exploited EPSS 10% ✓ cleared in 10.4.10 CVE-2024-55636 CRITICAL EPSS 11% ✓ cleared in 10.4.10 CVE-2024-55637 CRITICAL EPSS 10% ✓ cleared in 10.4.10 CVE-2024-55638 CRITICAL EPSS 10% ✓ cleared in 10.4.10 CVE-2022-39261 HIGH EPSS 10% ✓ cleared in 10.4.10 CVE-2024-12393 MEDIUM EPSS 3% ✓ cleared in 10.4.10 CVE-2022-25277 HIGH EPSS 2% ✓ cleared in 10.4.10 CVE-2023-5256 HIGH EPSS 1% ✓ cleared in 10.4.10 CVE-2024-55634 HIGH EPSS 1% ✓ cleared in 10.4.10 CVE-2022-24729 MEDIUM EPSS 1% ✓ cleared in 10.4.10 CVE-2022-24728 MEDIUM EPSS 1% ✓ cleared in 10.4.10 CVE-2022-24775 HIGH EPSS 1% ✓ cleared in 10.4.10 CVE-2024-11941 HIGH EPSS 1% ✓ cleared in 10.4.10 CVE-2022-25275 HIGH EPSS 1% ✓ cleared in 10.4.10 CVE-2022-25278 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2022-25273 HIGH EPSS 0% ✓ cleared in 10.4.10 CVE-2025-3057 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-31674 HIGH EPSS 0% ✓ cleared in 10.4.10 CVE-2025-31675 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-13081 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-31673 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-13080 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-13082 MEDIUM EPSS 0% ✓ cleared in 10.4.10 CVE-2025-13083 LOW EPSS 0% ✓ cleared in 10.4.10Still open in 10.4.10 iKnown vulnerabilities that affect 10.4.10 too — upgrading to it does not clear these.
These affect 10.4.10 as well — a later release may be needed.
CVE-2026-6366 MEDIUM EPSS 0% → fixed in 11.3.7 CVE-2026-6365 MEDIUM EPSS 0% → fixed in 11.3.7