Lucene search
K

8 matches found

OSV
OSV
added 4 days ago3 views

PYSEC-2026-764 High severity vulnerability that affects Plone and Zope2

Unspecified vulnerability in 1 Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and 2 PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

7.5CVSS6AI score0.02014EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-0051

Malware in sbrugna...

4.3CVSS6.2AI score0.01231EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 12:15 a.m.11 views

CVE-2024-22889

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...

7.5CVSS7.4AI score0.00697EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/05 12:0 a.m.17 views

CVE-2024-22889

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...

6.8AI score0.00697EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/25 12:0 a.m.5 views

Plone Security Vulnerability

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone version 5.2.13 that stems from allowing remote code execution via incorrect validation of HOST header input...

6.1CVSS8.1AI score0.01246EPSS
Exploits1References4
OSV
OSV
added 2020/12/30 7:15 p.m.28 views

PYSEC-2020-246

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

8.8CVSS3.7AI score0.01066EPSS
Exploits0References4
PyPA
PyPA
added 2018/01/03 8:29 p.m.8 views

PYSEC-2018-73

By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login fo...

6.1CVSS6.8AI score0.00739EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2014/09/16 12:0 a.m.3 views

PT-2014-2324 · Plone Foundation +1 · Plone +1

Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone versions 4.3 prior to beta 1 Description: The issue allows remote attackers to enumerate user account names via a crafted URL. This is related to the membership tool.py script. Recommendations: For Plone...

6.9CVSS6AI score0.02641EPSS
Exploits0References26
Rows per page
Query Builder