Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope zope vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least gener...
Zope Restrictedpython
Zope Restrictedpython 6.0
9.8
CVSSv3
CVE-2024-24811
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions before 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been pat...
Zope Sqlalchemyda
8.8
CVSSv3
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available fo...
Zope Zope
8.8
CVSSv3
CVE-2021-32633
Zope is an open-source web application server. In Zope versions before 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the...
Plone Plone
Zope Zope
8.8
CVSSv3
CVE-2020-7939
SQL Injection in DTML or in connection objects in Plone 4.0 up to and including 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)
Plone Plone
8.8
CVSSv3
CVE-2015-7293
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and previous versions, and Plone prior to 5.x.
Plone Plone 4.3.11
Plone Plone 4.3.10
Plone Plone 4.3.9
Plone Plone 4.3.8
Plone Plone 4.2.2
Plone Plone 4.2.1
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.0.3
Plone Plone 4.0.2
Plone Plone 4.0.1
Plone Plone 4.0
Plone Plone 4.3.3
Plone Plone 4.3.2
Plone Plone 4.3.1
Plone Plone 4.3
Plone Plone 4.1.1
Plone Plone 4.1
Plone Plone 4.0.10
Plone Plone 4.0.9
Plone Plone 3.3.1
Plone Plone 3.3
1 EDB exploit
7.8
CVSSv3
CVE-2021-36089
Grok 7.6.6 up to and including 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
Zope Grok
7.7
CVSSv3
CVE-2023-41050
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Tho...
Zope Accesscontrol
Zope Zope
7.7
CVSSv3
CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from...
Zope Restrictedpython
7.5
CVSSv3
CVE-2023-36814
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. Th...
Zope Products.cmfcore
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »