17 matches found

NVD
added 2026/05/16 1:16 p.m. · 6 views

CVE-2025-4202

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3 CVSS · 0.00009 EPSS
Exploits 0 · References 3

Positive Technologies
added 2026/05/16 12:0 a.m. · 9 views

PT-2026-41425

Name of the Vulnerable Software and Affected Versions: Multicollab: Content Team Collaboration and Editorial Workflow versions prior to 5.3. Description: A missing capability check in the cf add comment function allows authenticated attackers with Subscriber-level access or higher to perform...

4.3 CVSS · 5.9 AI score · 0.00009 EPSS
Exploits 0 · References 7

Vulnrichment
added 2026/04/22 9:9 p.m. · 5 views

CVE-2026-41455 WeKan < 8.35 SSRF via Webhook URL

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5 CVSS · 6 AI score · 0.00034 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/11/03 12:0 a.m. · 1 views

PT-2025-44794

Name of the Vulnerable Software and Affected Versions: FairSketch Rise Ultimate Project Manager & CRM version 3.9.4. Description: A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization. This is due to missing authorization chec...

6.5 CVSS · 6.5 AI score · 0.00058 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-10662

Malware in sbrugna...

4.3 CVSS · 4.7 AI score · 0.00201 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-15454

Malware in sbrugna...

9.1 CVSS · 9.1 AI score · 0.00142 EPSS
Exploits 0 · References 2

OSV
added 2024/03/31 6:22 p.m. · 16 views

BIT-MOODLE-2024-25983 Msa-24-0006: idor on dashboard comments block

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...

5.3 CVSS · 4.6 AI score · 0.00241 EPSS
Exploits 0 · References 5

UbuntuCve
added 2024/02/19 5:15 p.m. · 17 views

CVE-2024-25983

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...

5.3 CVSS · 5.9 AI score · 0.00241 EPSS
Exploits 0 · References 4

CVE
added 2024/02/19 4:32 p.m. · 105 views

CVE-2024-25983

The CVE-2024-25983 entry concerns Moodle where insufficient checks in a web service allow adding comments to the comments block on another user’s dashboard (e.g., their profile) when not normally available. This is an authorization/IDOR-like issue affecting the dashboard comments feature. The cor...

5.3 CVSS · 4.1 AI score · 0.00241 EPSS
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2023/03/14 12:0 a.m. · 3 views

Atlassian Jira < 7.13.12 Comment Permissions Broken Access Control

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 7.13.12, 8.0.0 prior to 8.5.4 or 8.6.0 prior to 8.6.1. It is, therefore, affected by a vulnerability which permits remote attackers to make comments on a ticket to whi...

4.3 CVSS · 7.4 AI score · 0.00201 EPSS
Exploits 0 · References 2

UbuntuCve
added 2021/12/13 4:15 p.m. · 15 views

CVE-2021-39918

Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user to add comments to a vulnerability which cannot be accessed...

4.3 CVSS · 5.8 AI score · 0.00226 EPSS
Exploits 0 · References 1

Positive Technologies
added 2020/03/12 12:0 a.m. · 3 views

PT-2020-12153 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to post a comment on any article via a crafted request to the admin/ajax-hub.php endpoint. This is made possible by a CSRF weakness. Recommendations: For...

4.3 CVSS · 4.5 AI score · 0.00147 EPSS
Exploits 1 · References 4

Cvelist
added 2019/09/09 7:54 p.m. · 19 views

CVE-2019-6995

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control. Users are able to comment on locked project issues...

6.9 AI score · 0.00098 EPSS
Exploits 1 · References 2

FreeBSD
added 2019/04/29 12:0 a.m. · 48 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Moving an Issue to Private Repo Leaks Project Namespace; Notification Emails Sent to Restricted Users; Unauthorized Comments on Confidential Issues; Merge Request Approval Count Inflation; Unsanitized Branch Names on New Merge Request Notification Emails; Improper Sanitation of...

6.5 CVSS · 3.5 AI score · 0.00167 EPSS
Exploits 6 · References 1

OSV
added 2017/11/03 6:29 p.m. · 12 views

CVE-2017-1000145

Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments...

4.9 CVSS · 6.6 AI score
Exploits 0 · References 1

NVD
added 2017/11/03 6:29 p.m. · 7 views

CVE-2017-1000145

Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to anonymous comments being able to be placed on artefact detail pages even when the site administrator had disallowed anonymous comments...

4.9 CVSS · 5.1 AI score · 0.00185 EPSS
Exploits 1 · References 1

Atlassian
added 2011/05/30 7:4 p.m. · 14 views

Cross-Site Request Forgery

Cross-Site Request Forgery: Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance showed that the application is susceptible to Cross-Site Request Forgery attacks within this URL: /jira/plugins/servlet/streamscomments. This vulnerability enables...

7.3 AI score
Exploits 0 · Affected Software 1