Lucene search
+L

1360 matches found

github
github
added 2026/03/02 8:14 p.m.7 views

Products.isurlinportal has possible open redirect when using more than 2 forward slashes

Impact A url /login?camefrom=////evil.example may redirect to an external website after login. Standard Plone is not affected, but if you have customised the login, for example with add-ons, you might be affected. You can try the url to check if you are affected or not. Patches The problem has be...

6.1CVSS5.8AI score0.00227EPSS
Exploits0References4Affected Software2
snyk
snyk
added 2026/02/01 6:38 a.m.8 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the improper versification of user identify in comment posting feature. An attacker can exploit this vulnerability by impersonating a registered user, potentially leading to unauthoriz...

6.9CVSS5.5AI score
Exploits0References3
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.12 views

CVE-2021-33512

Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...

5.4CVSS5.6AI score0.0069EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:27 a.m.7 views

CVE-2021-33510

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...

4.3CVSS6.5AI score0.00992EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:27 a.m.6 views

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9CVSS6.5AI score0.0204EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:26 a.m.9 views

CVE-2021-33511

Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel...

7.5CVSS6.8AI score0.01195EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:26 a.m.8 views

CVE-2021-33926

An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4...

8.8CVSS6.3AI score0.01005EPSS
Exploits1References1
veracode
veracode
added 2025/11/21 8:28 a.m.7 views

Denial-of-service (DoS)

@plone/volto is vulnerable to a denial-of-service DoS. The vulnerability is due to improper handling of a specific URL request, which allows an attacker to crash the NodeJS server component by simply visiting that crafted URL...

8.7CVSS6.9AI score0.00408EPSS
Exploits0References10Affected Software1
redhatcve
redhatcve
added 2025/10/07 3:22 p.m.6 views

CVE-2025-61668

Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...

8.7CVSS6.6AI score0.00408EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0144

Malware in sbrugna...

5.4CVSS5.4AI score0.00802EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-0087

Malware in sbrugna...

7.5CVSS7.5AI score0.01666EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0188

Malware in sbrugna...

5.4CVSS5.3AI score0.0097EPSS
Exploits1References10
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0116

Malware in sbrugna...

6.1CVSS6.1AI score0.00739EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0147

Malware in sbrugna...

7.5CVSS7.4AI score0.01253EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-0187

Malware in sbrugna...

5.4CVSS5.4AI score0.00536EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-0072

Malware in sbrugna...

4.3CVSS6.2AI score0.01807EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.11 views

EUVD-2017-0091

Malware in sbrugna...

4.9CVSS4.9AI score0.0258EPSS
Exploits2References15
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2014-0047

Malware in sbrugna...

8.5CVSS6.3AI score0.01695EPSS
Exploits0References8
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-0008

Malware in sbrugna...

4.3CVSS6.2AI score0.00642EPSS
Exploits1References11
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-0073

Malware in sbrugna...

5.8CVSS6.3AI score0.0119EPSS
Exploits0References8
Rows per page
Query Builder