17 matches found
EUVD-2025-4063
Malicious code in bioql PyPI...
CVE-2025-25154
Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications (custom-comment-notifications) allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through <= 1.0.8...
CVE-2025-25154
Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications (custom-comment-notifications) allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through <= 1.0.8...
CVE-2025-25154 WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8...
CVE-2025-25154
CVE-2025-25154 refers to a CSRF to stored XSS vulnerability in the WordPress plugin Custom Comment Notifications by scweber, affecting versions 1.0.8 and earlier. The issue is triggered via Cross-Site Request Forgery enabling stored XSS payloads, with no exploitation details publicly provided in...
CVE-2025-25154 WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications (custom-comment-notifications) allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through <= 1.0.8...
PT-2025-5962 · Unknown · Scweber Custom Comment Notifications
Name of the Vulnerable Software and Affected Versions: scweber Custom Comment Notifications versions 1.0.8 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a...
WordPress plugin Custom Comment Notifications cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Custom Comment Notifications plugin <= 1.0.8 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Custom Comment Notifications versions <= 1.0.8...
GHSA-XQXM-2RPM-3889 Comment reply notifications sent to incorrect users
Impact: When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not had editing access t...
CVE-2022-21683 Comment reply notifications sent to incorrect users in wagtail
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...
CVE-2022-21683 Comment reply notifications sent to incorrect users in wagtail
Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that ...
Torchbox Wagtail information disclosure vulnerability
Torchbox Wagtail is an open source content management system (CMS) from Torchbox UK. A security vulnerability exists in Torchbox Wagtail, a Django-based content management system focused on flexibility and user experience. When notifications of new replies are sent in comment threads, they are sent...
ExpressionEngine: Comment/channel unsubscribe GET CSRF
A vulnerability was identified and fixed that could have allowed attackers to unsubscribe users from comment notifications by exploiting the lack of CSRF protection...
Users are receiving mobile notifications of restricted Jira comments that they cannot view when accessing Jira through a browser
Hi Jira Server mobile app beta users, We recently discovered a bug where Jira Server mobile app users receive all comment notifications from Jira issues they’re watching or assigned to, even if the comment had been restricted to exclude them. This means they’ll be able to view the content of...
@mention Notification for Comments on Restricted Page in Confluence 5.4.x
In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict a user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. Steps to...
@mention Notification for Comments on Restricted Page in Confluence 5.4.x
In Confluence 5.4.x versions, the user is getting comment notifications in a page that he's restricted to view. If you restrict a user to view or edit the page through 'Tools Restrictions' and then comment in a page, the user will get the notification about it in the Workbox. Steps to...