PyPI / zope

Modified: 11/8/2023

Remote Code Execution via traversal in TAL expressions

Modified: 3/13/2026

ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions

Modified: 2/12/2024

Zope allows attackers to modify raw image and file data

Modified: 11/8/2023

Information disclosure in AccessControl

Modified: 2/18/2025

Zope does not properly restrict access to the getRoles method

Modified: 11/8/2023

Zope does not properly verify the access for objects with proxy roles

Modified: 2/12/2024

Remote Code Execution via Script (Python) objects under Python 3

Modified: 2/4/2026

Access control vulnerable to user data deletion by anonynmous users

Modified: 11/5/2024

Zope does not properly perform security registration for legacy names

Modified: 11/8/2023

Zope DocumentTemplate package allows unauthenticated write

Modified: 11/8/2023

Zope management interface vulnerable to stored cross site scripting via the title property

Modified: 11/19/2024

Zope Denial of Service (DoS) vulnerability in ZServer

Modified: 5/29/2026

Remote Code Execution via traversal in TAL expressions

Modified: 2/4/2026

Zope XSS Vulnerability

Modified: 2/16/2024

Zope Server vulnerable to DoS via header injection

Modified: 2/12/2024

Zope DTML implementation Improper Authentication

Modified: 11/8/2023

Zope vulnerable to Stored Cross Site Scripting with SVG images

Modified: 2/16/2024

Modified: 5/21/2026

Modified: 5/19/2026

Modified: 11/8/2023

Modified: 11/8/2023

Modified: 11/8/2023

Modified: 11/8/2023