CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

CVE-2026-9185 6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

MINI-R72Q-2R27-5799

Bulletin has no description...

MINI-C2HG-9CX4-V3M4

Bulletin has no description...

SUSE CVE-2026-46288

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in ofunittestchangeset The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct devicenode. The call to ofnodeputnchangeset can...

MINI-G9GX-H8J5-X3G8

Bulletin has no description...

MINI-WGXH-5438-2Q23

Bulletin has no description...

MINI-7C23-R4MG-Q24W

Bulletin has no description...

MINI-G95J-3296-6J2Q

Bulletin has no description...

MINI-6VMF-W8PM-3Q3P

Bulletin has no description...

MINI-MQ5X-43XQ-2H7X

Bulletin has no description...

MINI-V464-VJ4X-QPX6

Bulletin has no description...

MINI-VX7C-CVWG-R23V

Bulletin has no description...

PT-2026-48335

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user id parameter in the request. Attackers can pass another user's identifier to the get item...

RAT: Reference-Augmented Training for ASV Anti-Spoofing

We introduce a spoofing countermeasure architecture conditioned on speaker-reference recordings, but observe that it converges to a solution that effectively ignores the reference during inference. Surprisingly, training with a reference channel induces invariance that improves deepfake detection...

MINI-M5X2-4VF2-52GR

Bulletin has no description...

MINI-626Q-6CP2-GVX3

Bulletin has no description...

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +19891 more potentially affected by CVE-2026-47244 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.134.Final)

io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

MINI-7G99-2HVP-CM4R

Bulletin has no description...