CVE-2026-25567 WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier...
WeKan security vulnerability
WeKan is an open-source Kanban application from the WeKan project. WeKan contains a security vulnerability that an attacker can exploit to spoof the author of a recorded comment by providing another user's identifier...
CVE-2021-33484
An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...
Code injection
One Click Orgs before 1.2.3 does not require unique e-mail addresses for user accounts, which allows remote authenticated users to cause a denial of service (login disruption) or spoof votes or comments by selecting a conflicting e-mail address...
CVE-2002-0008
CVE-2002-0008 affects Bugzilla prior to 2.14.1. The vulnerability allows remote attackers to impersonate users: (1) spoof a user comment by sending a request to process_bug.cgi using the who parameter instead of the Bugzilla_login cookie, and (2) post a bug as another user by altering the reporte...