Important: golang

Issue Overview: A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. CVE-2025-61732 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.10.20260216 or dnf update --advisory ALAS2023-2026-1438...

PT-2026-20280

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions: wppm submit proj...

PT-2026-20304

The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input sanitization and output escaping on the plugin's label text option. This makes it possible for...

PT-2026-20298

The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion action in the cleanup page. This makes it possible for unauthenticated attackers to delete all pendi...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DeleteComment function, accessible via the /:owner/:repo/issues/comments/:id/delete endpoint. A user can delete comments from other users' repositories by sending POST requests for known comment IDs...

GHSA-JJ5M-H57J-5GV7 Gogs Allows Cross-Repository Comment Deletion via DeleteComment

IDOR: Cross-Repository Comment Deletion via DeleteComment Summary The POST /:owner/:repo/issues/comments/:id/delete endpoint does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by...

Gogs Allows Cross-Repository Comment Deletion via DeleteComment

IDOR: Cross-Repository Comment Deletion via DeleteComment Summary The POST /:owner/:repo/issues/comments/:id/delete endpoint does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by...

PT-2026-20320

Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, a self-hosted Git service, has an issue where the DeleteComment API does not properly verify if a comment belongs to the repository specified in the URL. This allows a repository administrator t...

CVE-2019-25386

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

CVE-2019-25388

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

CVE-2019-25386

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...

CVE-2019-25387

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DESTPORT, or...

CVE-2019-25388

The vulnerability CVE-2019-25388 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, specifically the ipblock.cgi endpoint. It is a reflected cross-site scripting flaw where a crafted POST request can inject script tags through SRC_IP and COMMENT parameters, allowing arbitrary JavaScript exe...

CVE-2019-25388 Smoothwall Express 3.1 'ipblock.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the ipblock.cgi endpoint. Attackers can inject script tags through the SRCIP and COMMENT paramete...

CVE-2019-25387

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the xtaccess.cgi endpoint. Attackers can inject script payloads through the EXT, DESTPORT, or...

CVE-2019-25387

Smoothwall Express 3.1-SP4-polar-x86_64-update9 is affected by a reflected cross-site scripting vulnerability in xtaccess.cgi. An unauthenticated attacker can inject JavaScript by sending crafted input to the xtaccess.cgi endpoint via POST, exploiting the EXT, DEST_PORT, or COMMENT parameters to ...

CVE-2019-25386

CVE-2019-25386 affects Smoothwall Express 3.1-SP4-polar-x86_64-update9, with multiple reflected XSS vulnerabilities in the dmzholes.cgi script. The issue allows attackers to inject arbitrary JavaScript into users’ browsers by submitting POST requests containing payloads in the SRC_IP, DEST_IP, or...

CVE-2019-25386 Smoothwall Express 3.1 'dmzholes.cgi' Cross-Site Scripting

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the SRCIP, DESTIP,...