Vulnerabilities > Plone > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-23054 | Uncontrolled Search Path Element vulnerability in Plone Docker Official Image 5.2.13 An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). | 9.8 |
| 2020-12-17 | CVE-2020-35190 | Missing Authentication for Critical Function vulnerability in Plone The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. | 10.0 |
| 2011-10-10 | CVE-2011-4030 | Permissions, Privileges, and Access Controls vulnerability in Plone Cmfeditions and Plone The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. | 9.3 |
| 2011-10-10 | CVE-2011-3587 | Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. | 9.3 |
| 2008-03-20 | CVE-2008-1393 | Credentials Management vulnerability in Plone CMS Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote attackers to obtain administrative privileges by sniffing the network. | 10.0 |