25 matches found

CVE
added 2026/05/16 12:30 p.m. · 7 views

CVE-2025-4202

CVE-2025-4202 affects the Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress. A missing capability check in the cf_add_comment function across all versions up to 5.2 allows authenticated users with Subscriber-level access or higher to modify data by adding comment...

CVSS 4.3 · AI score 5.9 · EPSS 0.00009
Exploits 0 · References 3
EUVD
added 2026/05/16 12:30 p.m. · 6 views

EUVD-2025-209886

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

CVSS 4.3 · AI score 5.9 · EPSS 0.00009
Exploits 0 · References 3
NVD
added 2026/04/09 2:16 a.m. · 2 views

CVE-2026-5828

A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 7.5 · EPSS 0.00014
Exploits 0 · References 5
RedhatCVE
added 2026/01/22 11:24 p.m. · 2 views

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.7 · EPSS 0.00155
Exploits 0 · References 1
NVD
added 2026/01/22 12:15 a.m. · 3 views

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · EPSS 0.00155
Exploits 0 · References 2
ATTACKERKB
added 2026/01/21 11:23 p.m. · 3 views

CVE-2026-1036

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletecomment function in all versions up to, and including, 1.8.36. This makes it possible for unauthenticated attackers to...

CVSS 5.3 · AI score 5.5 · EPSS 0.00155
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2006-0988

Malware in sbrugna...

CVSS 4.3 · AI score 6.2 · EPSS 0.00891
Exploits 1 · References 8
Vulnrichment
added 2024/12/04 12:23 a.m. · 11 views

CVE-2024-11479 Authenticated HTML Injection in Issuetrak Ticket Comment Function

An HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket...

CVSS 5.1 · AI score 6.8 · EPSS 0.0019
Exploits 0 · References 1
OSV
added 2024/11/08 7:15 p.m. · 0 views

CVE-2024-50810

hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly to the frontend page through templates...

CVSS 5.4 · AI score 5.8 · EPSS 0.00429
Exploits 0 · References 1
CVE
added 2024/11/08 12:0 a.m. · 30 views

CVE-2024-50810

CVE-2024-50810 affects hopetree izone lts (version c011b48). The vulnerability is a Cross Site Scripting (XSS) in the article comment function, caused by AddCommintView() not properly filtering user input and rendering it directly via templates in apps/comment/views.py. This can allow attacker-co...

CVSS 5.4 · AI score 5.9 · EPSS 0.00429
Exploits 0 · References 1
Positive Technologies
added 2023/11/17 12:0 a.m. · 2 views

PT-2023-30676 · Unknown · Opensupports

Name of the Vulnerable Software and Affected Versions: OpenSupports version 4.11.0 Description: The issue allows an attacker to bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type in the comment function. This can enable the...

CVSS 9.8 · AI score 8 · EPSS 0.0055
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 4:38 a.m. · 1 views

SUSE CVE-2017-15371

There is a reachable assertion abort in the function soxappendcomment in formats.c in Sound eXchange SoX 14.4.2. A crafted input will lead to a denial of service attack during conversion of an audio file...

CVSS 5.3 · AI score 6.4 · EPSS 0.0026
Exploits 1 · References 3
CNVD
added 2022/03/14 12:0 a.m. · 23 views

YzmCMS uncontrolled recursion vulnerability

Yzmcms is an open source CMS content management system for Yzmcms individual developers. An uncontrolled recursive vulnerability exists in YzmCMS v6.3, which stems from the fact that the comment function can operate concurrently and an attacker can use this vulnerability to create an unusually...

CVSS 5.3 · AI score 3.3 · EPSS 0.00289
Exploits 1 · References 1
NVD
added 2022/01/28 9:15 p.m. · 13 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

CVSS 5.3 · EPSS 0.00289
Exploits 1 · References 1
OSV
added 2022/01/28 9:15 p.m. · 11 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

CVSS 5.3 · AI score 6.8
Exploits 0 · References 1
Prion
added 2022/01/28 9:15 p.m. · 11 views

Code injection

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

CVSS 5 · AI score 5.3 · EPSS 0.00289
Exploits 1 · References 1 · Affected Software 1
CVE
added 2022/01/28 8:45 p.m. · 52 views

CVE-2022-23889

The CVE-2022-23889 entry concerns YzmCMS v6.3 where the comment function can be operated concurrently, enabling an attacker to generate an unusually large number of comments. The core issue is a race/concurrency condition in the comment handling code, leading to potential resource exhaustion or i...

CVSS 5.3 · AI score 5.2 · EPSS 0.00289
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/01/28 8:45 p.m. · 13 views

CVE-2022-23889

The comment function in YzmCMS v6.3 was discovered as being able to be operated concurrently, allowing attackers to create an unusually large number of comments...

AI score 5.6 · EPSS 0.00289
Exploits 1 · References 1
CNVD
added 2017/10/20 12:0 a.m. · 1 views

Sound eXchange Denial of Service Vulnerability

Sound eXchange SoX is a set of open source audio processing tools. The tool supports playback, conversion and recording of multiple audio format files. A security vulnerability exists in the 'soxappendcomment' function of the forms.c file in SoX version 14.4.2. An attacker can exploit this...

CVSS 5.5 · AI score 6.7 · EPSS 0.0026
Exploits 1 · References 1
Positive Technologies
added 2017/05/15 12:0 a.m. · 1 views

PT-2017-4258 · Gnome +5 · Libcroco +5

Name of the Vulnerable Software and Affected Versions: libcroco version 0.6.12 Description: The issue is related to the cr tknzr parse comment function in the cr-tknzr.c component of the libcroco library, which can cause a denial of service due to a memory allocation error when processing a craft...

CVSS 7.8 · AI score 7.8 · EPSS 0.04749
Exploits 8 · References 62