Víctor Fernández de Alba

2 exploits Active since Aug 2025
CVE-2025-58047 WRITEUP HIGH WRITEUP
Volto < 16.34.0, 17.0.0-17.22.0, 18.0.0-18.23.0, 19.0.0-alpha.1-19.0.0-alpha.3 - DoS via Specific URL
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
CVSS 7.5
CVE-2025-61668 WRITEUP HIGH WRITEUP
Volto < 16.34.1, 17.0.0-17.22.1, 18.0.0-18.27.1, 19.0.0-alpha.1-19.0.0-alpha.5 - DoS via Specific URL
Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. This issue is fixed in versions 16.34.1, 17.22.2, 18.27.2 and 19.0.0-alpha.6.