Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope zope vulnerabilities and exploits
(subscribe to this query)
187
VMScore
CVE-2001-0568
Digital Creations Zope 2.3.1 b1 and previous versions allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
Zope Zope
187
VMScore
CVE-2001-0569
Digital Creations Zope 2.3.1 b1 and previous versions contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
Zope Zope
578
VMScore
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available fo...
Zope Zope
383
VMScore
CVE-2011-4924
Cross-site scripting (XSS) vulnerability in Zope 2.8.x prior to 2.8.12, 2.9.x prior to 2.9.12, 2.10.x prior to 2.10.11, 2.11.x prior to 2.11.6, and 2.12.x prior to 2.12.3, 3.1.1 up to and including 3.4.1. allows remote malicious users to inject arbitrary web script or HTML via ve...
Zope Zope
NA
CVE-2023-42458
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To expl...
Zope Zope
668
VMScore
CVE-2009-0669
Zope Object Database (ZODB) prior to 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote malicious users to bypass authentication via vectors involving the ZEO network protocol.
Zope Zodb
Zope Zodb 3.8.0
Zope Zodb 3.8
383
VMScore
CVE-2021-33507
Zope Products.CMFCore prior to 2.5.1 and Products.PluggableAuthService prior to 2.6.2, as used in Plone up to and including 5.2.4 and other products, allow Reflected XSS.
Plone Plone
Zope Zope
578
VMScore
CVE-2021-32633
Zope is an open-source web application server. In Zope versions before 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the...
Plone Plone
Zope Zope
NA
CVE-2023-37271
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least gener...
Zope Restrictedpython
Zope Restrictedpython 6.0
NA
CVE-2024-24811
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions before 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been pat...
Zope Sqlalchemyda
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »