5 matches found
CVE-2026-23488
Blinko is affected prior to version 1.8.4. The /api/v1/comment/create endpoint allows unauthorized posting of comments to any note (including private ones), and /api/v1/comment/list allows unauthorized viewing of comments on all notes. The issue is fixed in version 1.8.4. CVSS v4.0 base score 6.9...
CVE-2025-62243
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
PT-2023-28727 · Jfinalcms +1
Name of the Vulnerable Software and Affected Versions: SpringbootCMS version 1.0; JFinalCMS (affected versions not specified). Description: The issue allows malicious code to be embedded in the foreground message and saved in the database. When users browse comments, the embedded malicious code in th...
Mail.ru: Stored XSS on store.my.games
Stored XSS in comment viewing functionality on store.my.games...
WordPress Comment Mismanagement Vulnerability
WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system (CMS). A comment mismanagement vulnerability exists in wp-includes/comment-template.php in WordPres...