10 matches found

OSV
added 2022/05/17 4:32 a.m., 13 views

GHSA-CQ5G-924M-7FXH Plone Information Disclosure

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...

CVSS 8.7, AI score 6.2, EPSS 0.00319
Exploits 0, References 7
OSV
added 2020/01/23 9:15 p.m., 9 views

CVE-2020-7940

Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking...

CVSS 7.5, AI score 7.5
Exploits 0, References 4
OSV
added 2020/01/23 9:15 p.m., 18 views

PYSEC-2020-90

A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...

CVSS 9.8, AI score 4.5, EPSS 0.00619
Exploits 0, References 4
Prion
added 2020/01/23 9:15 p.m., 11 views

Default credentials

Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking...

CVSS 5, AI score 7.5, EPSS 0.0034
Exploits 0, References 4, Affected Software 1
CVE
added 2020/01/23 8:38 p.m., 85 views

CVE-2020-7940

Plone 4.3–5.2.0 is affected by CVE-2020-7940 due to missing password strength checks on certain forms, enabling weak passwords and easier cracking. Root cause: insufficient validation of password strength in the affected forms. Impact: weak passwords could be set by users, reducing account securi...

CVSS 7.5, AI score 7.3, EPSS 0.0034
Exploits 0, References 4, Affected Software 1
PyPA
added 2014/11/03 10:55 p.m., 4 views

PYSEC-2014-76

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator PRNG, which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability...

CVSS 5, AI score 6.9, EPSS 0.00403
Exploits 2, References 6, Affected Software 1
Prion
added 2014/09/30 2:55 p.m., 18 views

Cross site request forgery (csrf)

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...

CVSS 5, AI score 7, EPSS 0.00319
Exploits 0, References 4, Affected Software 1
OSV
added 2014/09/30 2:55 p.m., 16 views

PYSEC-2014-47

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name...

CVSS 5, AI score 5.5, EPSS 0.00319
Exploits 0, References 4
Prion
added 2014/09/30 2:55 p.m., 14 views

Code injection

membershiptool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL...

CVSS 5, AI score 6.8, EPSS 0.00435
Exploits 0, References 5, Affected Software 1
CVE
added 2014/09/30 2:00 p.m., 87 views

CVE-2012-5486

CVE-2012-5486 - HP: ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19 (used in Plone before 4.3 beta 1) allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. Affected components: Zope 2 series up to 2.13.18; Plone deployments including the Plone before...

CVSS 6.4, AI score 6.4, EPSS 0.00821
Exploits 0, References 5, Affected Software 1