shenhav12

3 exploits Active since Feb 2024
CVE-2024-22889 NOMISEC HIGH SUSPICIOUS
Plone 6.0.9 - Unauthenticated Arbitrary File Read via Crafted Request
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.
CVSS 7.5
CVE-2024-25169 NOMISEC CRITICAL STUB
Mezzanine 6.0.0 - Improper Access Control in Admin Panel
An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.
CVSS 9.8
CVE-2024-25170 NOMISEC CRITICAL STUB
Mezzanine 6.0.0 - Incorrect Authorization via Host Header Manipulation
An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.
CVSS 9.1