39 matches found
Denial-of-service (DoS)
@plone/volto is vulnerable to denial of service (DoS). The vulnerability is due to improper handling of a specific URL request, which allows an attacker to crash the NodeJS server component by simply visiting that crafted URL...
CVE-2025-61668
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
EUVD-2022-1402
Malicious code in bioql PyPI...
EUVD-2025-26139
Malicious code in bioql PyPI...
EUVD-2025-32021
Malicious code in bioql PyPI...
CVE-2025-61668
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
CVE-2025-61668 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
CVE-2025-61668 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
CVE-2025-61668 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...
CVE-2025-61668
CVE-2025-61668 affects Volto (Plone ReactJS frontend). Versions 16.34.0 and earlier; 17.0.0–17.22.1; 18.0.0–18.27.1; and 19.0.0-alpha.1–19.0.0-alpha.5 allow an anonymous user to trigger a NodeJS server crash by visiting a specific URL. Root cause: improper handling of a crafted URL request leadin...
Volto code issue vulnerability
Volto is a content management system open-sourced by the Plone Foundation. A code issue vulnerability exists in Volto versions 16.34.0 and earlier, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, which stems from the fact that accessing a specific URL by...
@plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Impact: When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches: The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
GHSA-M8RJ-PPPH-MJ33 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Impact: When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches: The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
Improper Check for Unusual or Exceptional Conditions
Overview @plone/volto is a Volto Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions via the API REDUX middleware when a specific URL is accessed by an anonymous user. An attacker can cause the server to terminate unexpectedly by sending crafte...
PT-2025-40309
Name of the Vulnerable Software and Affected Versions: Volto versions 16.34.0 through 16.34.1; Volto versions 17.0.0 through 17.22.1; Volto versions 18.0.0 through 18.27.1; Volto versions 19.0.0-alpha.1 through 19.0.0-alpha.5. Description: An anonymous user can cause the NodeJS server part of Volto to...
Denial Of Service (DoS)
@plone/volto is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specific URL requests, which allows an attacker to crash the NodeJS server component and cause downtime...
CVE-2025-58047
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
CVE-2025-58047
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...
CVE-2025-58047 Volto affected by possible DoS by invoking specific URL by anonymous user
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when...