Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

CVE-2019-0829

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861...

CVE-2025-0829

A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0829

creationtimestamp| type| source ---|---|--- 2025-03-17 15:49:00+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114178558507734826 2025-03-17 17:01:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lklmz3sg2c2e 2025-03-17 17:28:20+00:00| seen|...

CVE-2025-0829

A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0829 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0829

CVE-2025-0829 : Stored XSS in ENOVIA Collaborative Industry Innovator (3D Markup) affecting 3DEXPERIENCE R2022x through R2024x. Underlying cause: stored cross-site scripting allowing arbitrary script execution in a user’s browser. Connected documents provide no patch/remediation details or exploi...

CVE-2025-0829 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-0829 Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscribe...

CVE-2024-0829

Technical details about CVE-2024-0829 are not publicly provided in the connected documents. The initial description notes missing authorization in a WordPress plugin (up to version 5.0) but provides no further vendor/product/version specifics. Monitor for updates.

WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Broken Access Control

Software WordPress Comments Fields Type Plugin Vulnerable versions = 5.0 Fixed in 5.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0829 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID cdb4c1c8e480 Credits Francesco Carlucci...

CVE-2023-0829

creationtimestamp| type| source ---|---|--- 2023-10-02 11:02:45+00:00| seen| https://t.me/cibsecurity/70799...

CVE-2023-0829

CVE-2023-0829 describes a Cross-Site Scripting vulnerability in Parallels Plesk (Plesk) versions 17.0 through 18.0.31. The issue allows a malicious subscription owner (customer or additional user) to fully compromise the server if an administrator visits a page related to that subscription. Root ...

CVE-2023-0829 Cross-Site Scripting (XSS) vulnerability in Plesk

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner either a customer or an additional user, can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription...

CVE-2021-0829

CVE-2021-0829 is listed in Android 12 Framework vulnerabilities as an Information Disclosure bug (Type: ID) with Android bug ID A-173806402 and Moderate severity. The Android 12 security release notes indicate fixes are included as part of the Android 12 patch_level 2021-10-01 or later. The docum...

Exploit for Improper Access Control in Webmin

WebminRCE-exploit CVE-2022-0824, CVE-2022-0829 - File Manger p...

Exploit for Improper Access Control in Webmin

golang-webmin-CVE-2022-0824-revshell RCE in Webmin target ur...

RHEL 7 : .NET Core 3.1 on RHEL 7 (RHSA-2022:0829)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0829 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

Mageia: Security Advisory (MGASA-2022-0090)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-0829

creationtimestamp| type| source ---|---|--- 2022-03-02 14:23:58+00:00| seen| https://t.me/cibsecurity/38292 2022-07-03 15:00:34+00:00| published-proof-of-concept| https://t.me/poxek/1897 2022-11-13 05:30:39+00:00| published-proof-of-concept| https://t.me/BlueRedTeam/2448 2023-03-23 12:40:43+00:00...