6 matches found

EUVD
added 2026/06/10 12:39 p.m. · 7 views

EUVD-2026-36008

Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands under the Ghidra user's privileges by embedding malicious URLs in program comments that victims click...

CVSS 8.4 · AI score 5.9 · EPSS 0.00503
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-19789

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.5 · EPSS 0.00505
Exploits: 1 · References: 3

RedhatCVE
added 2025/05/23 11:59 a.m. · 19 views

CVE-2025-22828

CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...

CVSS 4.3 · AI score 6.7 · EPSS 0.01912
Exploits: 0 · References: 1

OSV
added 2023/09/27 11:15 p.m. · 3 views

CVE-2023-43191

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...

CVSS 5.4 · AI score 5.8 · EPSS 0.00346
Exploits: 1 · References: 1

Veracode
added 2023/08/06 8:7 p.m. · 22 views

Improper Authorization

gitlab is vulnerable to Improper Authorization. An attacker could exploit this vulnerability to add malicious comments to vulnerabilities, which could then be seen by other users. These malicious comments could contain misinformation or phishing links, which could be used to deceive users and...

CVSS 4.3 · AI score 6.5 · EPSS 0.00738
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2022/02/28 12:0 a.m. · 4 views

PT-2022-13125 · WordPress · Wp Ultimate Csv Importer

Name of the Vulnerable Software and Affected Versions: WP Ultimate CSV Importer WordPress plugin versions prior to 6.4.3

Description: The issue allows high privilege users to import malicious comments, potentially leading to Stored Cross-Site Scripting issues, due to the lack of sanitization and...

CVSS 4.8 · AI score 4.6 · EPSS 0.00637
Exploits: 2 · References: 4