19 matches found

SUSE CVE
added 2026/03/28 6:28 p.m., 2 views

SUSE CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

4.3 CVSS, 5.9 AI score, 0.00042 EPSS
Exploits: 1, References: 3

Vulnrichment
added 2026/03/16 11:16 a.m., 0 views

CVE-2026-2461 Missing authorization check allows unauthorized modification of other users' comments on a board

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

4.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 1, References: 1

CVE
added 2026/03/16 11:16 a.m., 7 views

CVE-2026-2461

Mattermost Plugins versions

4.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2026/03/16 11:16 a.m., 25 views

CVE-2026-2461 Missing authorization check allows unauthorized modification of other users' comments on a board

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

4.3 CVSS, 0.00042 EPSS
Exploits: 1, References: 1

CNNVD
added 2026/03/16 12:0 a.m., 2 views

Mattermost Plugins security vulnerability

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.3, 11.0.3, 11.2.2, and 10.10.11.0 of Mattermost Plugins contain security vulnerabilities. These...

4.3 CVSS, 6.4 AI score, 0.00042 EPSS
Exploits: 1, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-12722

Malware in sbrugna...

5.4 CVSS, 7.2 AI score, 0.05377 EPSS
Exploits: 0, References: 9

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-4837

Malware in sbrugna...

6.4 CVSS, 6.4 AI score, 0.06677 EPSS
Exploits: 1, References: 7

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-5336

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.00084 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2018-5337

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.00103 EPSS
Exploits: 0, References: 3

Patchstack
added 2025/04/22 12:33 p.m., 2 views

WordPress wProject theme < 5.8.0 - Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability

Unauthenticated Post/Comment/Attachment Modification/Deletion vulnerability discovered by Dave Jong Patchstack in WordPress Theme wProject versions 5.8.0...

8.2 CVSS, 7 AI score, 0.00308 EPSS
Exploits: 0, Affected Software: 1

CNNVD
added 2022/07/18 12:0 a.m., 1 view

WordPress plugin Wbcom Designs – BuddyPress Group Review security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

6.5 CVSS, 5.8 AI score, 0.00671 EPSS
Exploits: 0, References: 5

Prion
added 2019/07/10 4:15 p.m., 17 views

Improper access control

GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential...

6.4 CVSS, 7.8 AI score, 0.0017 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2018/12/14 8:29 p.m., 18 views

Cross site scripting

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS...

3.5 CVSS, 5.7 AI score, 0.05377 EPSS
Exploits: 0, References: 8, Affected Software: 2

OSV
added 2018/12/14 8:29 p.m., 1 view

UBUNTU-CVE-2018-20153

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS...

5.4 CVSS, 7.3 AI score, 0.05377 EPSS
Exploits: 0, References: 3

OSV
added 2018/12/14 8:29 p.m., 1 view

DEBIAN-CVE-2018-20153

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS...

5.4 CVSS, 7.3 AI score, 0.05377 EPSS
Exploits: 0, References: 1

Cvelist
added 2018/12/14 8:0 p.m., 19 views

CVE-2018-20153

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS...

7.3 AI score, 0.05377 EPSS
Exploits: 0, References: 8

NVD
added 2018/08/15 12:29 p.m., 11 views

CVE-2018-13394

The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery CSRF vulnerability...

6.5 CVSS, 6.6 AI score, 0.00103 EPSS
Exploits: 0, References: 2

Hacker One
added 2016/12/18 1:43 p.m., 11 views

Shopify: Stored XSS in blog comments through Shopify API

Hi there! As far as I understand, the Shopify Shop has blogs which allow users to comment on blog posts; however, the comments with HTML content automatically get sanitised and then posted to avoid the XSS issue. However, using the API for comment modification, any application with comment permission can...

Exploits: 0

NVD
added 2010/05/26 6:30 p.m., 12 views

CVE-2009-4874

TalkBack 2.3.14 does not properly restrict access to the edit comment feature comments.php, which allows remote attackers to modify comments...

6.4 CVSS, 6.7 AI score, 0.06677 EPSS
Exploits: 1, References: 6