Vulnerabilities in zopefoundation
17 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2021-21337 | MEDIUM | URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService | 8.4% |
| CVE-2021-32811 | HIGH | Remote Code Execution via Script (Python) objects under Python 3 | 2.3% |
| CVE-2021-32807 | MEDIUM | Remote Code Execution via unsafe classes in otherwise permitted modules | 2.0% |
| CVE-2021-32633 | MEDIUM | Remote Code Execution via traversal in TAL expressions | 1.8% |
| CVE-2021-32674 | HIGH | Remote Code Execution via traversal in TAL expressions | 1.6% |
| CVE-2021-21360 | MEDIUM | Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup | 1.5% |
| CVE-2021-21336 | MEDIUM | Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager | 1.5% |
| CVE-2024-24811 | CRITICAL | Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution | 0.9% |
| CVE-2023-37271 | HIGH | RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape | 0.8% |
| CVE-2024-47532 | HIGH | RestrictedPython information leakage via `AttributeError.obj` and the `string` module | 0.7% |
| CVE-2023-41039 | HIGH | Sandbox escape via various forms of "format" in RestrictedPython | 0.6% |
| CVE-2023-36814 | HIGH | zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module | 0.6% |
| CVE-2023-42458 | LOW | Zope vulnerable to Stored Cross Site Scripting with SVG images | 0.6% |
| CVE-2023-41050 | MEDIUM | Information disclosure through Python's "format" functionality in Zope AccessControl | 0.5% |
| CVE-2024-51734 | HIGH | User data deletion by anonymous users in Zope | 0.4% |
| CVE-2023-44389 | LOW | Zope management interface vulnerable to stored cross site scripting via the title property | 0.4% |
| CVE-2025-22153 | HIGH | try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter | 0.4% |