140 matches found
Important Photon OS Security Update - PHSA-2026-5.0-0827
Updates of 'python3-ujson', 'jq' packages of Photon OS have been released...
TencentOS Server 4: freeipa (TSSA-2025:0827)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0827 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2022-0827
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2020-0827
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829,...
CVE-2025-0827
creationtimestamp| type| source
---|---|---
2025-03-17 15:48:59+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114178558444517317
2025-03-17 17:01:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lklmz3zhn22e...
CVE-2025-0827
A stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-0827
CVE-2025-0827 describes a stored XSS in Dassault Systèmes 3DSwymer’s 3DPlay component, affecting 3DEXPERIENCE R2022x–R2024x. The vulnerability allows an attacker to execute arbitrary script in a user’s browser session. Root cause is stored XSS in 3DSwymer/3DPlay, with CVSSv3.1 base score 8.7 (HIG...
CVE-2022-0827
creationtimestamp| type| source
---|---|---
2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-02-01 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-01
2025-02-01 00:00:00+00:00| exploited| The Shadowserver...
WordPress Play.ht Plugin <= 3.6.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Play.ht; Type: Plugin; Vulnerable versions: <= 3.6.4; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0827; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: f23f219c4e4b; Credits: Francesco Carlucci; Required...
CVE-2024-0827 Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Cross-Site Request Forgery
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticat...
CVE-2024-0827
CVE-2024-0827 affects the WordPress plugin Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio, vulnerable in all versions up to 3.6.4 due to missing or incorrect nonce validation in several functions. This CSRF flaw could allow unauthenticated attackers to invoke those fu...
AlmaLinux 8 : .NET 8.0 (ALSA-2024:0827)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0827 advisory. - .NET Denial of Service Vulnerability (CVE-2024-21386, CVE-2024-21404) Note that Nessus has not tested for these issues but has instead relied only on the...
SUSE CVE-2004-0827
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files...
CVE-2023-0827
creationtimestamp| type| source
---|---|---
2023-02-14 16:45:57+00:00| seen| https://t.me/cibsecurity/58101...
CVE-2023-0827 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17...
CVE-2023-0827
CVE-2023-0827 concerns a Stored XSS vulnerability in pimcore/pimcore prior to version 1.5.17. The issue originates from storing unvalidated user input, enabling injection of malicious scripts within Pimcore’s web application. Affected component is the Pimcore CMS/pimcore repository, with public r...
CVE-2021-0827
This CVE entry (CVE-2021-0827) is listed in the Android 12 vulnerability details under the Framework component with Type ID (Information disclosure) and Severity Moderate. Connected documents confirm the issue exists in Android 12’s vulnerability catalog, categorized as an Information Disclosure ...
CVE-2022-0827 Bestbooks <= 2.6.3 - Unauthenticated SQLi
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0827
WordPress Best Books plugin (versions up to 2.6.3) contains an SQL injection due to insufficient sanitization/escaping of parameters in an Ajax action. The vulnerability affects the plugin's handling of user-supplied data in SQL statements, enabling unauthenticated attackers to potentially read o...
Oracle Linux 8 : .NET / Core / 3.1 (ELSA-2022-0827)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0827 advisory. 3.1.417-1.0.1 - Add missing Oracle Linux Runtime IDs 3.1.417-1 - Update to .NET SDK 3.1.417 and Runtime 3.1.23 - Resolves: RHBZ2060567 Tenable has...