zopefoundation — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting zopefoundation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-22153 | try/except* clauses could allow bypass RestrictedPython via type confusion bug in the CPython interpreter — RestrictedPython (CWE-843) | 7.9 | High | 2025-01-23 |
| CVE-2024-51734 | User data deletion by anonymous users in Zope — AccessControl (CWE-284) | 6.5 (AI) | Medium (AI) | 2024-11-04 |
| CVE-2024-47532 | RestrictedPython information leakage via `AttributeError.obj` and the `string` module — RestrictedPython (CWE-200) | 6.5 | - | 2024-09-30 |
| CVE-2024-24811 | Products.SQLAlchemyDA vulnerable to unauthenticated arbitrary SQL query execution — Products.SQLAlchemyDA (CWE-89) | 9.8 | Critical | 2024-02-07 |
| CVE-2023-44389 | Zope management interface vulnerable to stored cross site scripting via the title property — Zope (CWE-79) | 3.1 | Low | 2023-10-04 |
| CVE-2023-42458 | Zope vulnerable to Stored Cross Site Scripting with SVG images — Zope (CWE-80) | 3.7 | Low | 2023-09-21 |
| CVE-2023-41050 | Information disclosure through Python's "format" functionality in Zope AccessControl — AccessControl (CWE-200) | 6.8 | Medium | 2023-09-06 |
| CVE-2023-41039 | Sandbox escape via various forms of "format" in RestrictedPython — RestrictedPython (CWE-74) | 8.3 | High | 2023-08-30 |
| CVE-2023-37271 | RestrictedPython vulnerable to arbitrary code execution via stack frame sandbox escape — RestrictedPython (CWE-913) | 8.4 | High | 2023-07-11 |
| CVE-2023-36814 | zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module — Products.CMFCore (CWE-770) | 7.5 | High | 2023-07-03 |
| CVE-2021-32811 | Remote Code Execution via Script (Python) objects under Python 3 — Zope (CWE-915) | 7.5 | High | 2021-08-02 |
| CVE-2021-32807 | Remote Code Execution via unsafe classes in otherwise permitted modules — AccessControl (CWE-915) | 4.4 | Medium | 2021-07-30 |
| CVE-2021-32674 | Remote Code Execution via traversal in TAL expressions — Zope (CWE-22) | 8.8 | High | 2021-06-08 |
| CVE-2021-32633 | Remote Code Execution via traversal in TAL expressions — Zope (CWE-22) | 6.8 | Medium | 2021-05-21 |
| CVE-2021-21360 | Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup — Products.GenericSetup (CWE-200) | 5.3 | Medium | 2021-03-09 |
| CVE-2021-21337 | URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService — Products.PluggableAuthService (CWE-601) | 5.7 | Medium | 2021-03-08 |
| CVE-2021-21336 | Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager — Products.PluggableAuthService (CWE-200) | 6.5 | Medium | 2021-03-08 |

This page lists every published CVE security advisory associated with zopefoundation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.