CVE-2026-25120 – Gogs Allows Cross-Repository Comment Deletion via DeleteComment

CVE ID : CVE-2026-25120

Published : Feb. 19, 2026, 1:59 a.m. | 1 hour ago

Description : Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment IDs, bypassing authorization controls. The DeleteComment function retrieves a comment by ID without verifying repository ownership and the Database function DeleteCommentByID performs no repository validation. This issue has been fixed in version 0.14.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-25120 – Gogs Allows Cross-Repository Comment Deletion via DeleteComment

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-2690 – itsourcecode Event Management System Admin Login ajax.php sql injection

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-2692 – CoCoTeaNet CyreneAdmin Image getAvatar path traversal

CVE-2025-4960 – macOS Local Privilege Escalation via Improper Authorization Handling in EPSON Printer Controller Installer

CVE-2026-2691 – itsourcecode Event Management System manage_register.php sql injection

CVE-2026-24764 – OpenClaw has Remote Code Execution via System Prompt Injection in Slack Channel Descriptions