| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-22153 | try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter | zopefoundation | RestrictedPython | High | 7.9 | 2025-01-23 17:34:27 | Deep Dive |
| CVE-2024-51734 | User data deletion by anonymous users in Zope | zopefoundation | AccessControl | - | - | 2024-11-04 22:25:22 | Deep Dive |
| CVE-2024-47532 | RestrictedPython information leakage via `AttributeError.obj` and the `string` module | zopefoundation | RestrictedPython | Medium | - | 2024-09-30 15:29:58 | Deep Dive |
| CVE-2024-24811 | Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution | zopefoundation | Products.SQLAlchemyDA | Critical | 9.8 | 2024-02-07 14:54:42 | Deep Dive |
| CVE-2023-44389 | Zope management interface vulnerable to stored cross site scripting via the title property | zopefoundation | Zope | Low | 3.1 | 2023-10-04 20:07:34 | Deep Dive |
| CVE-2023-42458 | Zope vulnerable to Stored Cross Site Scripting with SVG images | zopefoundation | Zope | Low | 3.7 | 2023-09-21 16:34:12 | Deep Dive |
| CVE-2023-41050 | Information disclosure through Python's "format" functionality in Zope AccessControl | zopefoundation | AccessControl | Medium | 6.8 | 2023-09-06 17:58:11 | Deep Dive |
| CVE-2023-41039 | Sandbox escape via various forms of "format" in RestrictedPython | zopefoundation | RestrictedPython | High | 8.3 | 2023-08-30 17:18:56 | Deep Dive |
| CVE-2023-37271 | RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape | zopefoundation | RestrictedPython | High | 8.4 | 2023-07-11 17:14:11 | Deep Dive |
| CVE-2023-36814 | zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module | zopefoundation | Products.CMFCore | High | 7.5 | 2023-07-03 16:48:36 | Deep Dive |
| CVE-2021-32811 | Remote Code Execution via Script (Python) objects under Python 3 | zopefoundation | Zope | High | 7.5 | 2021-08-02 21:55:11 | Deep Dive |
| CVE-2021-32807 | Remote Code Execution via unsafe classes in otherwise permitted modules | zopefoundation | AccessControl | Medium | 4.4 | 2021-07-30 21:20:11 | Deep Dive |
| CVE-2021-32674 | Remote Code Execution via traversal in TAL expressions | zopefoundation | Zope | High | 8.8 | 2021-06-08 17:45:12 | Deep Dive |
| CVE-2021-32633 | Remote Code Execution via traversal in TAL expressions | zopefoundation | Zope | Medium | 6.8 | 2021-05-21 13:55:10 | Deep Dive |
| CVE-2021-21360 | Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup | zopefoundation | Products.GenericSetup | Medium | 5.3 | 2021-03-09 00:30:16 | Deep Dive |
| CVE-2021-21337 | URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService | zopefoundation | Products.PluggableAuthService | Medium | 5.7 | 2021-03-08 21:10:20 | Deep Dive |
| CVE-2021-21336 | Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager | zopefoundation | Products.PluggableAuthService | Medium | 6.5 | 2021-03-08 20:40:17 | Deep Dive |