Vulnerabilities > Plone > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-23054 | Uncontrolled Search Path Element vulnerability in Plone Docker Official Image 5.2.13 An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | 9.8 |
| 2021-05-21 | CVE-2021-33509 | Incorrect Permission Assignment for Critical Resource vulnerability in Plone Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | 9.9 |
| 2020-12-17 | CVE-2020-35190 | Missing Authentication for Critical Function vulnerability in Plone The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. | 9.8 |
| 2020-01-23 | CVE-2020-7941 | Unspecified vulnerability in Plone A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | 9.8 |