3850 matches found

RedhatCVE
added 2026/01/09 8:49 a.m., 2 views

CVE-2025-23852

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robin90 First Comment Redirect (first-comment-redirect) allows Reflected XSS. This issue affects First Comment Redirect: from n/a through <= 1.0.3...

CVSS 7.1, AI score 5.9, EPSS 0.00363
Exploits 0, References 1

RedhatCVE
added 2026/01/09 8:48 a.m., 5 views

CVE-2025-23627

Cross-Site Request Forgery (CSRF) vulnerability in frenchsquared Comment-Emailer (comment-emailer) allows Stored XSS. This issue affects Comment-Emailer: from n/a through <= 1.0.5...

CVSS 7.1, AI score 7.2, EPSS 0.00158
Exploits 0, References 1

RedhatCVE
added 2026/01/09 8:47 a.m., 4 views

CVE-2025-23826

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pedjas Stop Comment Spam (stop-comment-spam) allows Stored XSS. This issue affects Stop Comment Spam: from n/a through <= 0.5.3...

CVSS 7.1, AI score 7.2, EPSS 0.004
Exploits 0, References 1

NVD
added 2026/01/08 6:16 p.m., 6 views

CVE-2026-22233

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

CVSS 5.5, EPSS 0.00207
Exploits 0, References 3

OSV
added 2026/01/08 6:15 p.m., 2 views

CVE-2026-22231

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

CVSS 5.4, AI score 5.8, EPSS 0.00207
Exploits 0, References 3

NVD
added 2026/01/08 6:15 p.m., 4 views

CVE-2026-22231

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is executed whenever another user views the Action History Log. Fixed in OPEXUS eCASE Platform 11.14.1.0...

CVSS 5.5, EPSS 0.00207
Exploits 0, References 3

Cvelist
added 2026/01/08 5:11 p.m., 20 views

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

CVSS 5.5, EPSS 0.00207
Exploits 0, References 3

EUVD
added 2026/01/08 4:18 p.m., 3 views

EUVD-2026-1517

This vulnerability allows a Backup or Tape Operator to write files as root...

CVSS 9, AI score 6.4, EPSS 0.00608
Exploits 0, References 2

NVD
added 2026/01/08 12:16 a.m., 5 views

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

CVSS 9.8, EPSS 0.00342
Exploits 1, References 1

Positive Technologies
added 2026/01/08 12:00 a.m., 4 views

PT-2026-2175

Name of the Vulnerable Software and Affected Versions: OPEXUS eCASE Audit versions prior to 11.14.2.0. Description: OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Estimated Staff Hours field. This JavaScript is then executed when another user accesses...

CVSS 5.5, AI score 5.8, EPSS 0.00207
Exploits 0, References 7

Vulnrichment
added 2026/01/07 11:52 p.m., 4 views

CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

CVSS 9.8, AI score 7.5, EPSS 0.00342
Exploits 1, References 1

OSV
added 2026/01/07 11:52 p.m., 6 views

CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

CVSS 9.8, AI score 7.9, EPSS 0.00342
Exploits 1, References 3

NVD
added 2026/01/07 12:16 p.m., 2 views

CVE-2025-14468

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the amp_theme_ajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

CVSS 4.3, EPSS 0.00132
Exploits 0, References 5

RedhatCVE
added 2026/01/07 9:35 a.m., 9 views

CVE-2019-7176

An issue was discovered in GitLab Community and Enterprise Edition 8.x starting in 8.9, 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility...

CVSS 4.3, AI score 6.5, EPSS 0.00923
Exploits 1, References 1

Cvelist
added 2026/01/07 4:32 a.m., 30 views

CVE-2025-14468 AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the amp_theme_ajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

CVSS 4.3, EPSS 0.00132
Exploits 0, References 5

CVE
added 2026/01/07 4:32 a.m., 10 views

CVE-2025-14468

CVE-2025-14468: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery up to and including version 1.1.9 due to inverted nonce verification in the amp_theme_ajaxcomments AJAX handler, allowing unauthenticated attackers to submit comments on beh...

CVSS 4.3, AI score 5.3, EPSS 0.00132
Exploits 0, References 5

Positive Technologies
added 2026/01/07 12:00 a.m., 5 views

PT-2026-2114

Name of the Vulnerable Software and Affected Versions: ClipBucket versions 5.5.2 through 5.5.2-187. Description: ClipBucket v5 is a video sharing platform susceptible to a Blind SQL Injection issue. The flaw exists within the add comment section of a channel. An attacker can exploit this by sending ...

CVSS 9.8, AI score 7.3, EPSS 0.00342
Exploits 1, References 6

Patchstack
added 2026/01/06 9:35 p.m., 3 views

WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability

WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin AMP for WP versions <= 1.1.9...

CVSS 4.3, AI score 6.8, EPSS 0.00132
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2026/01/01 12:00 a.m., 3 views

PT-2026-3759

Name of the Vulnerable Software and Affected Versions: ImageMagick versions 14.10.1 and below; ImageMagick version 7.x. Description: ImageMagick, a free and open-source software for editing and manipulating digital images, contains a NULL pointer dereference issue in the MSL (Magick Scripting Language)...

CVSS 9.8, AI score 6, EPSS 0.00751
Exploits 3, References 128

RedhatCVE
added 2025/12/30 1:02 a.m., 14 views

CVE-2025-65442

DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

CVSS 6.1, AI score 6, EPSS 0.00291
Exploits 1, References 1