3862 matches found

Positive Technologies
added 2025/11/19 12:0 a.m., 5 views

PT-2025-47507

Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4. Description: An authorization flaw exists in the comment deletion functionality of Rallly, an open-source scheduling and collaboration tool. Authenticated users can delete comments belonging to other users,...

CVSS 7.1, AI score 6.5, EPSS 0.0025
Exploits: 1, References: 6

EUVD
added 2025/11/18 9:32 p.m., 3 views

EUVD-2025-198083

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

AI score 6.8, EPSS 0.00151
Exploits: 1, References: 3

NVD
added 2025/11/18 7:15 p.m., 2 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

CVSS 5.4, EPSS 0.00151
Exploits: 1, References: 2

OSV
added 2025/11/18 7:15 p.m., 4 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

CVSS 5.4, AI score 7.3
Exploits: 0, References: 2

RedhatCVE
added 2025/11/18 6:58 a.m., 7 views

CVE-2025-9501

The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the parsedynamicmfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post...

CVSS 9, AI score 8, EPSS 0.19241
Exploits: 1, References: 1

CNVD
added 2025/11/18 12:0 a.m., 3 views

WordPress Plugin Comment Edit Core - Simple Comment Editing Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...

CVSS 5.3, AI score 5.8, EPSS 0.00256
Exploits: 0, References: 1

CVE
added 2025/11/18 12:0 a.m., 11 views

CVE-2025-63693

CVE-2025-63693 affects DzzOffice 2.3.x. The vulnerability resides in the comment editing template (dzz/comment/template/edit_form.htm), which does not adequately escape user-controllable data across HTML and JavaScript contexts. This can allow low-privilege attackers to craft comment content or r...

CVSS 5.4, AI score 7, EPSS 0.00151
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2025/11/18 12:0 a.m., 3 views

DzzOffice Security Vulnerability

DzzOffice is a platform from Big Desk DzzOffice that provides online collaborative office suite functionality. It provides online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version 2.3.x. The vulnerability stems from a comment...

CVSS 5.4, AI score 6.1, EPSS 0.00151
Exploits: 1, References: 3

Positive Technologies
added 2025/11/18 12:0 a.m., 5 views

PT-2025-47383

Name of the Vulnerable Software and Affected Versions: DzzOffice versions 2.3.x. Description: The comment editing template in DzzOffice does not properly sanitize user-supplied data when handling HTML and JavaScript strings. This allows a low-privilege attacker to inject and execute arbitrary...

AI score 6.8, EPSS 0.00151
Exploits: 1, References: 4

Vulnrichment
added 2025/11/18 12:0 a.m., 3 views

CVE-2025-63693

The comment editing template dzz/comment/template/editform.htm in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to construct comment content or request parameters and...

AI score 7, EPSS 0.00151
Exploits: 1, References: 2

RedhatCVE
added 2025/11/14 8:10 a.m., 9 views

CVE-2025-12681

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

CVSS 5.3, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 1

EUVD
added 2025/11/13 9:31 a.m., 5 views

EUVD-2025-158263

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

CVSS 5.3, AI score 5.4, EPSS 0.00256
Exploits: 0, References: 4

NVD
added 2025/11/13 8:15 a.m., 6 views

CVE-2025-12681

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

CVSS 5.3, EPSS 0.00256
Exploits: 0, References: 3

Vulnrichment
added 2025/11/13 7:27 a.m., 3 views

CVE-2025-12681 Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

CVSS 5.3, AI score 5.4, EPSS 0.00256
Exploits: 0, References: 3

CVE
added 2025/11/13 7:27 a.m., 18 views

CVE-2025-12681

CVE-2025-12681 affects the WordPress plugin Comment Edit Core – Simple Comment Editing, up to version 3.1.0. The root cause is an unauthenticated exposure via the ajax_get_comment function, allowing any visitor to access sensitive data such as user IDs, IP addresses, and email addresses. Wordfenc...

CVSS 5.3, AI score 5.5, EPSS 0.00256
Exploits: 0, References: 3

Cvelist
added 2025/11/13 7:27 a.m., 7 views

CVE-2025-12681 Comment Edit Core – Simple Comment Editing <= 3.1.0 - Unauthenticated Sensitive Information Exposure

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajaxgetcomment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, IP...

CVSS 5.3, EPSS 0.00256
Exploits: 0, References: 3

Positive Technologies
added 2025/11/13 12:0 a.m., 4 views

PT-2025-53379

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE Docs versions prior to 9.2.1. Description: The software contains a flaw that allows for Cross-Site Scripting (XSS) within the textarea of the comment editing form. This issue is related to the DocumentServer component. Recommendations...

CVSS 6.4, AI score 5.8, EPSS 0.00151
Exploits: 0, References: 6

CNNVD
added 2025/11/13 12:0 a.m., 5 views

WordPress plugin Comment Edit Core – Simple Comment Editing Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...

CVSS 5.3, AI score 5.7, EPSS 0.00256
Exploits: 0, References: 3

Positive Technologies
added 2025/11/13 12:0 a.m., 6 views

PT-2025-46785

The Comment Edit Core – Simple Comment Editing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.0 via the 'ajax get comment' function. This makes it possible for unauthenticated attackers to extract sensitive data including user IDs, I...

CVSS 5.3, AI score 5.9, EPSS 0.00256
Exploits: 0, References: 4

Patchstack
added 2025/11/12 11:45 p.m., 5 views

WordPress Comment Edit Core – Simple Comment Editing plugin <= 3.1.0 - Unauthenticated Sensitive Information Exposure vulnerability

Unauthenticated Sensitive Information Exposure vulnerability discovered by Powpy in WordPress Plugin Comment Edit Core – Simple Comment Editing versions <= 3.1.0...

CVSS 5.3, AI score 6.7, EPSS 0.00256
Exploits: 0, References: 1, Affected Software: 1