3848 matches found
CVE-2026-25120 Gogs Allows Cross-Repository Comment Deletion via DeleteComment
Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...
CVE-2026-25120 Gogs Allows Cross-Repository Comment Deletion via DeleteComment
Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...
CVE-2026-25120
Gogs CVE-2026-25120 affects versions 0.13.4 and earlier. The issue arises in DeleteComment: the API does not verify that the comment belongs to the repository specified in the URL, allowing a repository administrator to delete comments from other repositories by supplying arbitrary comment IDs. T...
CVE-2026-25120 Gogs Allows Cross-Repository Comment Deletion via DeleteComment
Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...
Comodo Dome Firewall 跨站脚本漏洞
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation for the comment parameter in th...
PT-2026-20806
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin profiles endpoint that executes in the...
SUSE SLES16 Security Update : go1.24 (SUSE-SU-2026:20429-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20429-1 advisory. Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allow...
Important: golang
Issue Overview: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between...
CVE-2026-2112 Dam Spam <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion
The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...
CVE-2026-2281
The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...
CVE-2026-2281
CVE-2026-2281 affects the WordPress plugin Private Comment . It is a Stored Cross-Site Scripting (XSS) via the “Label text” setting, in all versions up to 0.0.4. Attack requires authenticated Administrator+ access and applies on multisite installations or where unfiltered_html is disabled. The vu...
CVE-2026-2281 Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting
The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...
CVE-2026-1640 Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...
CVE-2026-2281 Private Comment <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting
The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...
CVE-2026-2281
The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...
CVE-2026-1640
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...
WordPress Dam Spam plugin <= 1.0.8 - Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Pending Comment Deletion vulnerability discovered by Duong Quang Hao in WordPress Plugin Dam Spam versions = 1.0.8...
WordPress Private Comment plugin <= 0.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Label Text Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Label Text Setting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Private Comment versions = 0.0.4...
WordPress plugin Dam Spam 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Private Comment 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...