CVE-2025-11468

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

CVE-2025-11468

When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization in the email header when folding a long comment that contains only unfoldable characters. An attacker can inject headers into a message between unhandled parentheses. Remediation A fix was pushed into the master...

MiracleLinux 8 : rust-toolset:rhel8 (AXSA:2022-2990:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2990:01 advisory. Developer environment: Unicode's bidirectional BiDi override characters can cause trojan source attacks CVE-2021-42574 The following changes were introduced ...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

MiracleLinux 7 : fence-agents-4.2.1-24.el7 (AXSA:2019-3966:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3966:03 advisory. fence-agents: mis-handling of non-ASCII characters in guest comment fields CVE-2019-10153 Tenable has extracted the preceding description block directly from...

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

Phishing scammers are posting fake “account restricted” comments on LinkedIn

Recently, fake LinkedIn profiles have started posting comment replies claiming that a user has " engaged in activities that are not in compliance" with LinkedIn's policies and that their account has been " temporarily restricted" until they submit an appeal through a specified link in the comment...

CVE-2025-15376 Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'setstopwordsforcomments' and 'deletestopwordsforcomments' functions. This makes it possible for unauthenticated...

CVE-2025-15376 Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'setstopwordsforcomments' and 'deletestopwordsforcomments' functions. This makes it possible for unauthenticated...

CVE-2025-15376

The CVE-2025-15376 entry concerns the WordPress plugin Stopwords for comments, versions up to 1.1. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing nonce validation in set_stopwords_for_comments and delete_stopwords_for_comments. This allows unauthenticated attackers to a...

WordPress plugin Stopwords for comments 跨站请求伪造漏洞

The WordPress Stopwords for comments plugin is a pre-screening tool designed to help webmasters filter out user comments that contain certain banned words i.e. "stopwords". comments. The WordPress Stopwords for comments plugin suffers from a cross-site request forgery vulnerability that stems fro...

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

CVE-2022-50905

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

WordPress Stopwords for comments plugin <= 1.1 - Missing Authorization to Cross-Site Request Forgery vulnerability

Missing Authorization to Cross-Site Request Forgery vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Stopwords for comments versions = 1.1...

CVE-2022-50905 e107 CMS v3.2.1 - Reflected XSS via Comment Flow

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting XSS attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code...

CVE-2022-50905

CVE-2022-50905 affects e107 CMS v3.2.1. The issues: (1) a reflected XSS in the news comment flow, where an authenticated user can inject JavaScript via a URL parameter that executes when they click outside the comment field; (2) an upload restriction bypass for authenticated administrators that e...

CVE-2014-4163

Multiple cross-site request forgery CSRF vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the 1 buried or 2 featured status of a comment via a request to wp-admin/admin-ajax.php...

CVE-2023-43191

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...