Shenhav12

**Name of the Vulnerable Software and Affected Versions** Plone version v6.0.9 **Description** The issue is due to incorrect access control, allowing remote attackers to view and list all files hosted on the website by sending a crafted request. **Recommendations** For Plone version v6.0.9, update to a version that fixes the incorrect access control issue to prevent remote attackers from viewing and listing files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mezzanine version 6.0.0 **Description** An issue in Mezzanine allows attackers to bypass access control mechanisms in the admin panel via a crafted request. **Recommendations** For Mezzanine version 6.0.0, consider restricting access to the admin panel until a patch is available. As a temporary workaround, review and monitor all requests to the admin panel to detect potential bypass attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mezzanine version 6.0.0 **Description** An issue in the software allows attackers to bypass access controls via manipulating the `Host` header. This can lead to unauthorized access to sensitive information or systems. **Recommendations** For Mezzanine version 6.0.0, consider restricting access to sensitive areas of the application until a patch is available. As a temporary workaround, disabling the manipulation of the `Host` header may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.