zope

Top products

The 15 most recently published vulnerabilities affecting zope.

• CVE-2024-47532RestrictedPython information leakage via `AttributeError.obj` and the `string` module6.5Sep 30, 2024
• CVE-2024-24811Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution9.8Feb 7, 2024
• CVE-2023-44389Zope management interface vulnerable to stored cross site scripting via the title property3.1Oct 4, 2023
• CVE-2023-42458Zope vulnerable to Stored Cross Site Scripting with SVG images3.7Sep 21, 2023
• CVE-2023-41050Information disclosure through Python's "format" functionality in Zope AccessControl6.8Sep 6, 2023
• CVE-2023-41039Sandbox escape via various forms of "format" in RestrictedPython8.3Aug 30, 2023
• CVE-2023-37271RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape8.4Jul 11, 2023
• CVE-2023-36814zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module7.5Jul 3, 2023
• CVE-2021-32811Remote Code Execution via Script (Python) objects under Python 37.5Aug 2, 2021
• CVE-2021-32807Remote Code Execution via unsafe classes in otherwise permitted modules4.4Jul 30, 2021
• CVE-2021-36089Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).7.8Jul 1, 2021
• CVE-2021-32674Remote Code Execution via traversal in TAL expressions8.8Jun 8, 2021
• CVE-2021-33507Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.6.1May 21, 2021
• CVE-2021-32633Remote Code Execution via traversal in TAL expressions6.8May 21, 2021
• CVE-2021-21360Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup5.3Mar 9, 2021