VYPR

Vendor: Foundation
Products: 7
CVEs: 16
Across products: 16
Status: Private

Recent CVEs (16)
  • CVE-2024-51734 | High | Nov 4, 2024
    risk 0.57 | cvss (not listed) | epss 0.00

    Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2.…

  • CVE-2024-24811 | Critical | Feb 7, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been…

  • CVE-2021-32674 | High | Jun 8, 2021
    risk 0.50 | cvss 8.8 | epss 0.02

    Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available…

  • CVE-2020-26304 | High | Oct 26, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    Foundation is a front-end framework. Versions 6.3.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any fixes are available.

  • CVE-2023-50053 | High | Apr 30, 2024
    risk 0.49 | cvss 7.6 | epss 0.01

    An issue in Foundation.app Foundation platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation, the signed message lacks a nonce (random number)

  • CVE-2023-37271 | High | Jul 11, 2023
    risk 0.48 | cvss 8.4 | epss 0.01

    RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least…

  • CVE-2023-41039 | High | Aug 30, 2023
    risk 0.47 | cvss 8.3 | epss 0.01

    RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access.…

  • CVE-2025-22153 | High | Jan 23, 2025
    risk 0.44 | cvss 7.9 | epss 0.00

    RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`,…

  • CVE-2023-36814 | High | Jul 3, 2023
    risk 0.42 | cvss 7.5 | epss 0.01

    Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The…

  • CVE-2021-32811 | High | Aug 2, 2021
    risk 0.42 | cvss 7.5 | epss 0.02

    Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and…

  • CVE-2023-41050 | Medium | Sep 6, 2023
    risk 0.37 | cvss 6.8 | epss 0.01

    AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses…

  • CVE-2021-32633 | Medium | May 21, 2021
    risk 0.37 | cvss 6.8 | epss 0.02

    Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through…

  • CVE-2024-47532 | Medium | Sep 30, 2024
    risk 0.35 | cvss 6.5 | epss 0.01

    RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected (and potentially sensible) information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround,…

  • CVE-2021-32807 | Medium | Jul 30, 2021
    risk 0.22 | cvss 4.4 | epss 0.02

    The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessControl`…

  • CVE-2023-42458 | Low | Sep 21, 2023
    risk 0.17 | cvss 3.7 | epss 0.01

    Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To…

  • CVE-2023-44389 | Low | Oct 4, 2023
    risk 0.13 | cvss 3.1 | epss 0.00

    Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches…