CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

CVE-2026-10284 DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

EUVD-2026-33752

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

CVE-2026-10284

A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to...

Project Management Authorization Vulnerabilities

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...

SUSE CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

CVE-2026-25120 Gogs Allows Cross-Repository Comment Deletion via DeleteComment

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

CVE-2026-25120

Gogs CVE-2026-25120 affects versions 0.13.4 and earlier. The issue arises in DeleteComment: the API does not verify that the comment belongs to the repository specified in the URL, allowing a repository administrator to delete comments from other repositories by supplying arbitrary comment IDs. T...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

Gogs Allows Cross-Repository Comment Deletion via DeleteComment

IDOR: Cross-Repository Comment Deletion via DeleteComment Summary The POST /:owner/:repo/issues/comments/:id/delete endpoint does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

The vulnerability in the implementation of the deleteComment method in the comments module of the CMS system Netcat allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the deleteComment method in the comments module of the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected information...

Sql injection

A vulnerability was found in luckyshot CRMx and classified as critical. This issue affects the function get/save/delete/comment/commentdelete of the file index.php. The manipulation leads to sql injection. The attack may be initiated remotely. The name of the patch is...

Cross site request forgery (csrf)

CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request...

Vulnerability in Yahoo Websites Allows Hackers to Delete Any Comment

Two months ago, we reported a critical vulnerability on the Yahoo Answers platform that allowed a hacker to delete all the posted thread and comments from Yahoo's Suggestion Board website. Recently, a similar vulnerability has been reported by another Egyptian security researcher 'Ahmed Aboul-Ela...