CVE-2026-29098 SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...

CVE-2026-29098

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the actionexportCustom function in modules/ModuleBuilder/controller.php fails to properly neutralize path traversal sequences in the $modules and $name...

CVE-2021-29098

creationtimestamp| type| source ---|---|--- 2025-04-10 15:49:12+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11266...

CVE-2024-29098

creationtimestamp| type| source ---|---|--- 2024-03-19 17:26:57+00:00| seen| https://t.me/ctinow/211733...

CVE-2024-29098 WordPress WP Calameo plugin <= 2.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Calameo WP Calameo allows Stored XSS.This issue affects WP Calameo: from n/a through 2.1.7...

CVE-2024-29098

CVE-2024-29098: Stored XSS in WP Calameo (Calameo WP Calameo plugin) due to improper input handling during web page generation. Affected: WP Calameo

WordPress WP Calameo Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Calameo Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29098 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e6c0b84991b1 Credits Ray Wilson Required privilege Contributor...

CVE-2023-29098 WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ArtistScope CopySafe Web Protection plugin = 3.13 versions...

CVE-2023-29098

CVE-2023-29098 affects WordPress CopySafe Web Protection plugin up to version 3.13. Unauthenticated XSS vulnerability exposed on affected sites; remediation is upgrade to version 3.14 or later. Red Hat and NVD entries corroborate the issue; PatchStack lists the fix and notes cve details. If explo...

CVE-2023-29098 WordPress CopySafe Web Protection Plugin <= 3.13 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ArtistScope CopySafe Web Protection plugin = 3.13 versions...

CVE-2022-29098

Dell PowerScale OneFS versions 8.2.0.x–9.3.0.x contain a weak password requirement that allows an administrator to create an account with no password, potentially enabling remote user account compromise. This is supported by multiple sources (NVD, CVE record, and vendor references). The risk is d...

CVE-2021-29098

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...

CVE-2021-29098 ArcGIS general raster security update: uninitialized pointer

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...

CVE-2021-29098

VULNERABILITY SUMMARY: CVE-2021-29098 affects Esri ArcReader and related Esri products (ArcReader, ArcGIS Desktop/Engine 10.8.1 and earlier, ArcGIS Pro 2.7 and earlier). Root cause: parsing of PMF files yields an uninitialized pointer access, enabling arbitrary code execution in the context of th...