CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...
CVE-2025-14468
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the amp_theme_ajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...
CVE-2019-7176
An issue was discovered in GitLab Community and Enterprise Edition 8.x starting in 8.9, 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility...
CVE-2025-14468
CVE-2025-14468 : The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery up to and including version 1.1.9 due to inverted nonce verification in the amp_theme_ajaxcomments AJAX handler, allowing unauthenticated attackers to submit comments on beh...
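The inverted nonce check described in the CVE-2025-14468 entries above, as an added illustration that is not the plugin's own code: a minimal AJAX comment handler with the condition the wrong way round, next to the corrected form. The handler names (amp_demo_*), the nonce action string 'amp_comment', and the HMAC stand-ins for wp_create_nonce()/wp_verify_nonce() are assumptions so the file runs outside WordPress.

```php
<?php
// Added example, not code from the AMP for WP plugin. Function names, the
// 'amp_comment' action and the secret below are assumptions for illustration.

// Stand-ins so the file runs without WordPress. Inside WordPress the real
// wp_create_nonce()/wp_verify_nonce() are used instead; these mimic them
// with an HMAC over the action name and a fixed (constructed) secret.
if (!function_exists('wp_create_nonce')) {
    define('AMP_DEMO_SECRET', 'constructed-demo-secret');
    function wp_create_nonce(string $action): string {
        return substr(hash_hmac('sha256', $action, AMP_DEMO_SECRET), 0, 10);
    }
    function wp_verify_nonce(string $nonce, string $action): bool {
        return hash_equals(wp_create_nonce($action), $nonce);
    }
}

// Vulnerable pattern: the condition is inverted. A request carrying a VALID
// nonce is rejected, while a request with a missing or garbage nonce passes,
// so a cross-site form post that sends no nonce at all submits the comment.
function amp_demo_comments_vulnerable(array $post): string {
    $nonce = $post['nonce'] ?? '';
    if (wp_verify_nonce($nonce, 'amp_comment')) {
        return 'rejected';
    }
    return 'comment submitted';
}

// Corrected pattern: reject unless the nonce verifies.
function amp_demo_comments_fixed(array $post): string {
    $nonce = $post['nonce'] ?? '';
    if (!wp_verify_nonce($nonce, 'amp_comment')) {
        return 'rejected';
    }
    return 'comment submitted';
}

// Constructed requests: one from the legitimate page, one from a CSRF page
// that cannot know the victim's nonce and therefore omits it.
$legit  = ['nonce' => wp_create_nonce('amp_comment'), 'comment' => 'hello'];
$forged = ['comment' => 'hello'];

printf("vulnerable, valid nonce : %s\n", amp_demo_comments_vulnerable($legit));
printf("vulnerable, no nonce    : %s\n", amp_demo_comments_vulnerable($forged));
printf("fixed, valid nonce      : %s\n", amp_demo_comments_fixed($legit));
printf("fixed, no nonce         : %s\n", amp_demo_comments_fixed($forged));
```

Run it with `php` from the command line. In a real WordPress handler the usual fix is `check_ajax_referer( 'action', 'nonce' )` (which dies on failure) or the non-negated `if ( ! wp_verify_nonce( ... ) ) wp_die();` shown above; the nonce check only defends against CSRF, so a capability check for who may post comments still belongs next to it.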
PT-2026-2114
Name of the Vulnerable Software and Affected Versions: ClipBucket versions 5.5.2 through 5.5.2-187. Description: ClipBucket v5 is a video sharing platform susceptible to a Blind SQL Injection issue. The flaw exists within the add comment section of a channel. An attacker can exploit this by sending ...
WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability
WordPress AMP for WP - Accelerated Mobile Pages plugin <= 1.1.9 - Cross-Site Request Forgery to Comment Submission vulnerability discovered by 0N0ise - cert.pl in WordPress Plugin AMP for WP versions <= 1.1.9...
PT-2026-3759
Name of the Vulnerable Software and Affected Versions: ImageMagick versions 14.10.1 and below; ImageMagick version 7.x. Description: ImageMagick, a free and open-source software for editing and manipulating digital images, contains a NULL pointer dereference issue in the MSL (Magick Scripting Language)...
CVE-2025-65442
DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...
CVE-2025-65442
CVE-2025-65442 describes a DOM-based XSS in the 201206030 novel system version 3.5.0. The root cause is insufficient validation/encoding of user-controllable data in the book_comment module: unfiltered input is stored in the database (book_comment.commentContent) and later rendered into the page ...
CVE-2025-68917
ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...
CVE-2025-68917
CVE-2025-68917 affects ONLYOFFICE Docs (DocumentServer) prior to version 9.2.1. The issue is a cross-site scripting (XSS) vulnerability in the textarea of the comment editing form. Root cause details are not elaborated beyond the XSS in the description, but multiple sources confirm the affected p...
SUSE CVE-2025-34458
wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or...