CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

78 matches found

RedhatCVE•added 2026/03/07 1:44 a.m.•4 views

CVE-2026-28413

Products.isurlinportal is a replacement for isURLInPortal method in Plone. Prior to versions 2.1.0, 3.1.0, and 4.0.0, a url /login?camefrom=////evil.example may redirect to an external website after login. This issue has been patched in versions 2.1.0, 3.1.0, and 4.0.0...

6.1CVSS5.7AI score0.00013EPSS

Exploits0References1

NVD•added 2026/03/05 9:16 p.m.•2 views

CVE-2026-28413

6.1CVSS0.00013EPSS

Exploits0References1

OSV•added 2026/03/05 8:16 p.m.•3 views

CVE-2026-28413 Products.isurlinportal: Possible open redirect when using more than 2 forward slashes

5.3CVSS5.7AI score0.00013EPSS

Exploits0References3

Tenable Nessus•added 2026/03/04 12:0 a.m.•3 views

Plone Python Library Multiple Vulnerabilities (20230921)

The detected version of Plone python package, plone, is prior to version 5.2.14 or 6.x prior to 6.0.7. It is, therefore, affected by the following the vulnerabilities: - Multiple stored cross site scripting vulnerabilities exits when handling SVG images. An authenticated, remote attacker can...

7.5CVSS6.1AI score0.00503EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 11:28 a.m.•7 views

CVE-2021-33512

Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...

5.4CVSS5.6AI score0.00302EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:27 a.m.•3 views

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9CVSS6.5AI score0.00846EPSS

Exploits0References1